STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-23733r1_rule
V-21521
Deficient Security: Unnecessary PPS disablement
VVoIP 1021 (GENERAL)
CAT II
10
Disable all PPS on all VVoIP or UC system servers and sevices that are not required to support OAM&P in the specific VVoIP system implementation. Additionally, if possible, remove the software for the unnecessary PPS.
Scan the VVoIP system VLANs with a network scanner to determine the PPS running on the system and what protocols system devices are listening for, and on what IP ports.
This is a finding in the event ports are open or protocols are found that are not required by the system to effect system OAM&P in the specific implementation of the system. For example if HTTP is evident, and the system is not managed via HTTP and HTTP is not required for other system functions, then this is an unnecessary PPS resulting in a finding under this requirement.
V-21521
False
VVoIP 1021 (GENERAL)
Scan the VVoIP system VLANs with a network scanner to determine the PPS running on the system and what protocols system devices are listening for, and on what IP ports.
This is a finding in the event ports are open or protocols are found that are not required by the system to effect system OAM&P in the specific implementation of the system. For example if HTTP is evident, and the system is not managed via HTTP and HTTP is not required for other system functions, then this is an unnecessary PPS resulting in a finding under this requirement.
M
Information Assurance Officer
594