STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-21626r2_rule
V-19562
Segregated VVoIP management
VVoIP 5505 (LAN)
CAT II
10
Implement a dedicated OOB network or closed virtual In-band network (VLAN) for the VVoIP system and connect the core device management interfaces to it in compliance with the following requirement:
Ensure VVoIP system management is segregated or separated from production traffic and other management traffic and such that access and traffic flow can be properly controlled and role based access is supported.
NOTE: the purpose of the separate VVoIP management VLAN or OOB network is to provide for separation of access in support of separation of duties between the data network or server SAs and the VVoIP system SAs. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway or firewall if needed.
Inspect the connections to and the configurations of the VVoIP system core devices and those of the core LAN elements that support them. Look for the dedicated management LAN or VLAN to confirm that one has been implemented.
Verify the voice/video system (VVoIP system and/or TDM switch) management is segregated or separated from production traffic and other management traffic and such that access and traffic flow can be properly controlled and role based access is supported.
If the VVoIP system and LAN is not designed to provide the necessary separation of the management traffic and interfaces or such separation is not implemented as described above or at all, this is a finding.
NOTE: This may be implemented using a separate voice system management VLAN or OOB network, the purpose of which is to provide for separation of access paths in support of separation of duties between the data network and server SAs and the VVoIP or TDM system SAs. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway or firewall if needed.
V-19562
False
VVoIP 5505 (LAN)
Inspect the connections to and the configurations of the VVoIP system core devices and those of the core LAN elements that support them. Look for the dedicated management LAN or VLAN to confirm that one has been implemented.
Verify the voice/video system (VVoIP system and/or TDM switch) management is segregated or separated from production traffic and other management traffic and such that access and traffic flow can be properly controlled and role based access is supported.
If the VVoIP system and LAN is not designed to provide the necessary separation of the management traffic and interfaces or such separation is not implemented as described above or at all, this is a finding.
NOTE: This may be implemented using a separate voice system management VLAN or OOB network, the purpose of which is to provide for separation of access paths in support of separation of duties between the data network and server SAs and the VVoIP or TDM system SAs. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway or firewall if needed.
M
Information Assurance Officer
594