You did some basic research and came across this. That's an excellent start. However..... H323 is just an individual VOIP protocol - nothing more, nothing less. Your "Privacy, Authentication, Integrity, Non-Repudiation", is somewhat of a restatement of the CIA Triad - Confidentiality, Integrity and Availability. Non-Repudiation has threads across the entire CIA concept but is a separate concept in and of itself, that some practitioners add in as a fourth element. The entire concept is referred to as Information Assurance (IA) - there are many moving parts and components to this. Probably one of the best descriptions (and there are a number of others that can be used) is the NIST 800 set of standards in terms of laying out the spectrum of security and privacy controls. NIST - The National Institute of Standards and Technology has an entire catalog of publications across the nearly endless topic of Computer System Security. NIST Special Publication 800-53 (Rev. 4) - Security and Privacy Controls for Information Systems and Organizations contains 965 individual controls, categorized into 18 Control Families, of which only 4 families address technical areas that H323 would fall within. AC - Access Control; AU - Audit and Accountability; AT - Awareness and Training; CM - Configuration Management; CP - Contingency Planning; IA - Identification and Authentication; IR - Incident Response; MA - Maintenance; MP - Media Protection; PS - Personnel Security; PE - Physical and Environmental Protection; PL - Planning; PM - Program Management; RA - Risk Assessment; CA - Security Assessment and Authorization; SC - System and Communications Protection; SI - System and Information Integrity; SA - System and Services Acquisition; I'll stop there - just trying to use PAIN to address the topic is a non-starter.