For users who upgrade CUCM from 4.x to 7.x or 8.x, you’ll notice a new indicator below registered devices:

For H.323 gateways, you’ll see a similar (but different) message:

These indicators denote whether the device can support Cisco criteria for secure signaling and media.  The CUCM 7.1(3) Release Notes explain what these messages mean.  In order to be classified as “trusted”, a device must meet the following criteria:

1. Are all devices that are on the call trusted?
2. Is the signaling secure (authenticated and encrypted)?
3. Is the media secure?

For calls that involve a device that is not trusted, regardless of signaling and media security, the overall status of the call will stay unsecure, and the phone will not display the Lock icon. For example, if you include an untrusted device in a conference, the system considers its call leg, as well as the conference itself, to be unsecure.

A Trusted Device represents a Cisco device or a third-party device that has passed Cisco security criteria for trusted connections. This includes, but is not limited to, signaling/media encryption, platform hardening, and assurance. If a device is trusted, a Security icon displays, and a secure tone plays on supported devices. Also, the device may provide other features or indicators that are related to secure calls. – CUCM 7.1(3) Release Notes