STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019

The implementation of Unified Mail services degrades the separation between the voice and data protection zones (VLANs).

DISA Rule

SV-21786r2_rule

Vulnerability Number

V-19645

Group Title

Deficient imp'n: UM degrades voice/data separation

Rule Version

VVoIP 5560

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the implementation of a unified mail system does not degrade the separation and traffic filtering between the voice and data security zones or VLANs.

Configure unified mail services that have access to both the data and voice VLANs so that they do NOT bridge the two environments together.

Check Contents

Perform a network penetration test from the data VLAN(s) to the Voice VLAN(s). Direct the scan at the unified mail connection on the data VLAN(s). Perform a similar scan in the opposite direction. This is a finding in the event the hosts on the VLAN(s) opposite the one the scanner is connected to are accessible.

Documentable

False

Severity Override Guidance

Perform a network penetration test from the data VLAN(s) to the Voice VLAN(s). Direct the scan at the unified mail connection on the data VLAN(s). Perform a similar scan in the opposite direction. This is a finding in the event the hosts on the VLAN(s) opposite the one the scanner is connected to are accessible.

Check Content Reference

M

Target Key

3407

Comments