STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences while implementing dialing capability from the CODEC must utilize an approved EIA-366-A dial isolator that disconnects the dialing channel between the CODEC and IMUX when the IMUX signals it is connected to another IMUX (i.e., the session is connected).

DISA Rule

SV-55772r1_rule

Vulnerability Number

V-43043

Group Title

RTS-VTC 7380 [ISDN]

Rule Version

RTS-VTC 7380

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Obtain and install an approved EIA-366-A dial isolator unless there is no EIA-366-A connection between the CODEC and the IMUX and all dialing is performed from the IMUX.

Check Contents

Review the documentation to determine whether an approved EIA-366-A dial isolator is in place. DISN Video Services (DVS) maintains a list of A/B switches and dial isolators that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls. If a dial isolator is not implemented and used, or the dial isolator is not on the list, this is a finding.

If there is no EIA-366-A connection between the CODEC and the IMUX and all dialing is performed from the IMUX, this is not a finding.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments