STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

The VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network must be scanned to confirm protections in place are effective.

DISA Rule

SV-75805r1_rule

Vulnerability Number

V-61325

Group Title

VVoIP 5420

Rule Version

VVoIP 5420

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement and document that the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has been scanned to confirm protections in place are effective. Validate the effectiveness of the boundary protection on an annual basis.

Check Contents

Review site documentation to confirm that the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has been scanned to confirm protections in place are effective. Validate the effectiveness of the boundary protection ACLs by performing network vulnerability scans as follows:
- Scan the entire DISN management network (e.g., RTS EMS, ADIMSS, ARDIMSS, or DCN) address space from an unused randomly selected IP address on the local management network.
- Scan the entire local management network address space from an unused randomly selected IP address on the DISN management network.

If the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has not been scanned to confirm protections in place are effective, this is a finding. If the network vulnerability scan receives a response from any host on either network, this is a finding.

Vulnerability Number

V-61325

Documentable

False

Rule Version

VVoIP 5420

Severity Override Guidance

Review site documentation to confirm that the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has been scanned to confirm protections in place are effective. Validate the effectiveness of the boundary protection ACLs by performing network vulnerability scans as follows:
- Scan the entire DISN management network (e.g., RTS EMS, ADIMSS, ARDIMSS, or DCN) address space from an unused randomly selected IP address on the local management network.
- Scan the entire local management network address space from an unused randomly selected IP address on the DISN management network.

If the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has not been scanned to confirm protections in place are effective, this is a finding. If the network vulnerability scan receives a response from any host on either network, this is a finding.

Check Content Reference

M

Target Key

594

Comments