STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019: STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:SV-21804r4_rule
V-19663
VVoIP 6210
VVoIP 6210
CAT II
10
Implement the CE-R to route all inbound traffic to the data firewall function except SIP, AS-SIP, and SRTP/SRTCP, which must route to the SBC.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
Review site documentation to confirm the CE-R routes all inbound traffic to the data firewall function except SIP, AS-SIP, and SRTP/SRTCP, which must route to the SBC. This supports the VVoIP system connecting to the DISN WAN for VVoIP transport between enclaves and the system providing Assured Services to any Command and Control (C2) user (Special-C2, C2, or C2-R).
If the CE-R does not route all inbound traffic to the data firewall function except SIP, AS-SIP, and SRTP/SRTCP, this is a finding.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
V-19663
False
VVoIP 6210
Review site documentation to confirm the CE-R routes all inbound traffic to the data firewall function except SIP, AS-SIP, and SRTP/SRTCP, which must route to the SBC. This supports the VVoIP system connecting to the DISN WAN for VVoIP transport between enclaves and the system providing Assured Services to any Command and Control (C2) user (Special-C2, C2, or C2-R).
If the CE-R does not route all inbound traffic to the data firewall function except SIP, AS-SIP, and SRTP/SRTCP, this is a finding.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
M
3407