STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

Deficient support for COOP or emergency and life safety communications when soft-phones are implemented as the primary voice endpoint in user’s workspace caused by deficient placement of physical hardware based phones near all such workspaces.

DISA Rule

SV-17082r1_rule

Vulnerability Number

V-16094

Group Title

Deficient COOP: PC Comm App Backup Comm’s

Rule Version

VVoIP 1920 (GENERAL)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In the event PC soft-phones and/or UC applications are implemented as the primary telephone endpoint in the user’s workspace, the IAO will ensure hardware based telephone instruments, are installed within a short distance (e.g., 30 to 50 feet) of every workspace to be used for backup and emergency communications.

NOTE: This requirement is satisfied by the implementation of hardwired hardware based telephone instruments using any telephony technology. That is, traditional analog, or digital instruments may be used or VoIP based instruments may be used. Such instruments may be part of the local site’s PBX or VoIP system, or may be served from the Local Exchange Carrier (LEC) or Competitive LEC (CLEC). Of additional concern when implementing backup/COOP or emergency telephones is power. Such phones should be remotely powered from a source that can provide backup power. Additionally, the dialing capabilities of backup/COOP or emergency may be limited to internal and/or emergency calls. This means that minimally, emergency services numbers must be reachable from these phones.

Check Contents

Interview the IAO to validate compliance with the following requirement:

In the event PC soft-phones and/or UC applications are implemented as the primary telephone endpoint in the user’s workspace, the IAO will ensure hardware based telephone instruments, are installed within a short distance (e.g., 30 to 50 feet) of every workspace to be used for backup and emergency communications.

Determine if PC soft-phones and/or UC applications are implemented as the primary telephone endpoint in user’s workspaces. If so, inspect users work areas to determine if hardware based telephone instruments, are installed within a short distance (e.g., 30 to 50 feet) of every workspace to be used for backup and emergency communications. Cell phones, PDA/PEDs, or other wireless devices are not considered reliable enough to meet this requirement due to lack of reliable signal available everywhere and their inability to be used in certain DoD environments. This is a finding if these conditions are not met.

NOTE: This requirement is satisfied by the implementation of hardwired hardware based telephone instruments using any telephony technology. That is, traditional analog, or digital instruments may be used or VoIP based instruments may be used. Such instruments may be part of the local site’s PBX or VoIP system, or may be served from the Local Exchange Carrier (LEC) or Competitive LEC (CLEC). Of additional concern when implementing backup/COOP or emergency telephones is power. Such phones should be remotely powered from a source that can provide backup power. Additionally, the dialing capabilities of backup/COOP or emergency may be limited to internal and/or emergency calls. This means that minimally, emergency services numbers must be reachable from these phones.

PART2 manual
Minimally select a random sample if not all of the implemented hard-phones and test them to ensure they are functional. This is a finding if non functional phones are found.

Vulnerability Number

V-16094

Documentable

False

Rule Version

VVoIP 1920 (GENERAL)

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:

In the event PC soft-phones and/or UC applications are implemented as the primary telephone endpoint in the user’s workspace, the IAO will ensure hardware based telephone instruments, are installed within a short distance (e.g., 30 to 50 feet) of every workspace to be used for backup and emergency communications.

Determine if PC soft-phones and/or UC applications are implemented as the primary telephone endpoint in user’s workspaces. If so, inspect users work areas to determine if hardware based telephone instruments, are installed within a short distance (e.g., 30 to 50 feet) of every workspace to be used for backup and emergency communications. Cell phones, PDA/PEDs, or other wireless devices are not considered reliable enough to meet this requirement due to lack of reliable signal available everywhere and their inability to be used in certain DoD environments. This is a finding if these conditions are not met.

NOTE: This requirement is satisfied by the implementation of hardwired hardware based telephone instruments using any telephony technology. That is, traditional analog, or digital instruments may be used or VoIP based instruments may be used. Such instruments may be part of the local site’s PBX or VoIP system, or may be served from the Local Exchange Carrier (LEC) or Competitive LEC (CLEC). Of additional concern when implementing backup/COOP or emergency telephones is power. Such phones should be remotely powered from a source that can provide backup power. Additionally, the dialing capabilities of backup/COOP or emergency may be limited to internal and/or emergency calls. This means that minimally, emergency services numbers must be reachable from these phones.

PART2 manual
Minimally select a random sample if not all of the implemented hard-phones and test them to ensure they are functional. This is a finding if non functional phones are found.

Check Content Reference

I

Potential Impact

The inability to make an emergency or any call when the PC soft-phone/UC application is unavailable, particularly in an emergency situation.

Responsibility

Information Assurance Manager

Target Key

594

Comments