STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

The VVoIP system management network must provide bidirectional enclave boundary protection between the local management network and the DISN voice services management network.

DISA Rule

SV-21610r3_rule

Vulnerability Number

V-19547

Group Title

VVoIP 5405

Rule Version

VVoIP 5405

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement and document the VVoIP system management network to provide bidirectional enclave boundary protection between the local management network and the DISN voice services management network.

Check Contents

Review site documentation to confirm the VVoIP system management network provides bidirectional enclave boundary protection between the local management network and the DISN voice services management network. This requirement is applicable to VVoIP core system devices and TDM based telecom switches managed via multiple networks and those managed via a single physical Ethernet IP interface. For example, when the ADIMSS and local SAs both manage a VVoIP system or device via a common pathway such as the local management VLAN or OOB management network, a firewall is required between the local network and the ADIMSS network.

Determine who owns and is responsible for the enclave boundary protection device configuration and management. This device may be owned and operated by the DISN management network or the local network. Two such devices may be owned and operated by each entity.

If the VVoIP system management network does not provide bidirectional enclave boundary protection between the local management network and the DISN voice services management network, this is a finding.

Vulnerability Number

V-19547

Documentable

False

Rule Version

VVoIP 5405

Severity Override Guidance

Review site documentation to confirm the VVoIP system management network provides bidirectional enclave boundary protection between the local management network and the DISN voice services management network. This requirement is applicable to VVoIP core system devices and TDM based telecom switches managed via multiple networks and those managed via a single physical Ethernet IP interface. For example, when the ADIMSS and local SAs both manage a VVoIP system or device via a common pathway such as the local management VLAN or OOB management network, a firewall is required between the local network and the ADIMSS network.

Determine who owns and is responsible for the enclave boundary protection device configuration and management. This device may be owned and operated by the DISN management network or the local network. Two such devices may be owned and operated by each entity.

If the VVoIP system management network does not provide bidirectional enclave boundary protection between the local management network and the DISN voice services management network, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments