STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-21745r3_rule
V-19604
VVoIP 6150
VVoIP 6150
CAT III
10
Implement and document critical network equipment as redundant and in geographically diverse locations for a site supporting C2 users. Critical network equipment includes CERs, SBCs, and session controllers (or Soft Switches in combination with session controllers).
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
Review site documentation to confirm critical network equipment is redundant and in geographically diverse locations for a site supporting C2 users. Redundant sets of CERs, SBCs, and session controllers must be housed in geographically diverse facilities within the site such that if one of locations is lost or isolated from the network, communications service is maintained. Sites facilities with a Soft Switch should have a session controller implemented in a geographically diverse location. If critical network equipment does not have redundant equipment, this is a finding. If redundant critical network equipment is not in a geographically diverse location, this is a finding.
If it is determined, following a cost versus benefit study and risk analysis, that redundant facilities containing dual sets of CERs, SBCs, and session controllers are not warranted for the given site, this requirement should be marked as a finding with a justification included in the POA&M stating the Authorizing Official (AO) is cognizant of and accepts the risk.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
V-19604
False
VVoIP 6150
Review site documentation to confirm critical network equipment is redundant and in geographically diverse locations for a site supporting C2 users. Redundant sets of CERs, SBCs, and session controllers must be housed in geographically diverse facilities within the site such that if one of locations is lost or isolated from the network, communications service is maintained. Sites facilities with a Soft Switch should have a session controller implemented in a geographically diverse location. If critical network equipment does not have redundant equipment, this is a finding. If redundant critical network equipment is not in a geographically diverse location, this is a finding.
If it is determined, following a cost versus benefit study and risk analysis, that redundant facilities containing dual sets of CERs, SBCs, and session controllers are not warranted for the given site, this requirement should be marked as a finding with a justification included in the POA&M stating the Authorizing Official (AO) is cognizant of and accepts the risk.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
M
594