scope:

SCOPE, PURPOSE AND APPLICATION

The scope of this standard is to define the user to network interface media plane security requirements. The standard addresses security requirements for voice over packet and multimedia media plane security, including media plane traffic as set up under the Session Initiation Protocol (SIP). [RFC 3261].

This standard addresses VoP/Multimedia media plane security requirements of evolving telecommunications networks. Evolving telecommunications networks often combine legacy telecommunication facilities with new technologies such as Wireless (air interface), Asynchronous Transfer Mode (ATM), and Internet Protocol (IP) transport mechanisms. The security requirements given in this standard apply to service provider networks and may also be applicable to individual company single location and corporate enterprise multi-location networks.

This standard takes the following into consideration:

• Network operators may not always have complete control with respect to which terminal the user uses to connect to the network, and thereby its capabilities with respect to security may not be known.

• The user may use a separate access provider network.

• There may be differences in security depending on the access technology used to connect the user to the network.

This standard concerns the user to network interface (UNI) of evolving networks. For this standard, the UNI is defined as the interface between a VoP/multimedia end user device or terminal (e.g. SIP UA) and the network that provides service to the device or terminal. This standard identifies the various security mechanisms that could be used on this interface. For each of these various mechanisms the specific requirements are defined.

This standard is not intended to imply that each terminal type must support all security mechanisms. Given that a terminal supported a particular security mechanism then it is expected that for that option the terminal would support the appropriate requirements identified.

In this standard, "shall" indicates a mandatory requirement and "should" indicates an optional requirement.

Management and Signaling Plane security issues are outside the scope of this standard.

The purpose of this standard is to specify baseline security requirements for media plane functions of evolving telecommunications networks that use SIP protocols to set up media plane sessions. The intent of this standard is to provide media plane security requirements which may be used by carriers and vendors to allow secure interoperability of multi-vendor end-user devices and networks. This standard provides a minimal set of security requirements as well as general security guidance.