STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019: STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:SV-21810r3_rule
V-19669
VVoIP 6320
VVoIP 6320
CAT III
10
Ensure the DISN NIPRNet IPVS SBC is configured to validate the structure and validity of SIP and AS-SIP messages such that malformed messages or messages containing errors are dropped before action is taken on its contents.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
Interview the ISSO to confirm compliance with the following requirement:
Verify the DISN NIPRNet IPVS SBC is configured to validate the structure and validity of SIP and AS-SIP messages such that malformed messages or messages containing errors are dropped before action is taken on the contents.
If the SBC does not validate the correct format of the received AS-SIP message, this is a finding.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
V-19669
False
VVoIP 6320
Interview the ISSO to confirm compliance with the following requirement:
Verify the DISN NIPRNet IPVS SBC is configured to validate the structure and validity of SIP and AS-SIP messages such that malformed messages or messages containing errors are dropped before action is taken on the contents.
If the SBC does not validate the correct format of the received AS-SIP message, this is a finding.
NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
M
3407