STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

VVoIP system components must use separate address blocks from those used by non-VVoIP system devices.

DISA Rule

SV-8713r3_rule

Vulnerability Number

V-8227

Group Title

VVoIP 5200

Rule Version

VVoIP 5200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement VVoIP systems and components on a logically segregated and dedicated VVoIP network. Ensure dedicated address blocks or ranges are defined for the VVoIP system, separate from the address blocks used for non-VVoIP system devices, thus allowing traffic and access control using firewalls and router ACLs.

This requirement applies to the following:
- A closed unclassified LAN.
- An unclassified LAN connected to an unclassified WAN (such as the NIPRNet or Internet).
- A closed classified LAN.
- A classified LAN connected to a classified WAN (such as the SIPRNet).

Check Contents

Verify a dedicated address block is defined for the VVoIP system separate from the address blocks used by non-VVoIP system devices, ensuring traffic and access control using firewalls and router ACLs.

If the LAN under review is a closed unclassified LAN, an unclassified LAN connected to an unclassified WAN (such as the NIPRNet or Internet), a closed classified LAN, or a classified LAN connected to a classified WAN (such as the SIPRNet), this requirement is applicable. In the case of a classified WAN where network-wide, address-based accountability or traceability is required by the network PMO, the PMO must provide segregated, network-wide address blocks so that the attached classified LANs meet this requirement.

Affected devices include core and adjunct components, including session managers, session border controller (SBC), media and signaling gateway interfaces, customer edge (premise) router internal interface to the Voice Video VLANs, associated UC components, and VVoIP hardware endpoints.

If a dedicated LAN address block is not designated for the VVoIP system, separated from the address space used for the general LAN and management VLANs, this is a finding.
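The check above can be run mechanically against a site's address plan and VVoIP inventory. The following is an added example, not part of the STIG or of STIGQter; the plan format, role labels, device names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample address plan (assumed format: name, role, CIDR).
ADDRESS_PLAN = [
    ("voice-core", "vvoip", "10.20.0.0/22"),
    ("data-users", "general", "10.10.0.0/16"),
    ("mgmt", "management", "10.30.0.0/24"),
]

# Constructed inventory of VVoIP components and their assigned addresses.
VVOIP_DEVICES = {
    "session-manager-1": "10.20.0.10",
    "sbc-1": "10.20.0.20",
    "phone-0412": "10.10.44.12",  # addressed from the general data block
}


def audit(plan, devices):
    """Return a list of finding strings; an empty list means no finding."""
    nets = [(name, role, ipaddress.ip_network(cidr)) for name, role, cidr in plan]
    vvoip = [(n, net) for n, role, net in nets if role == "vvoip"]
    other = [(n, net) for n, role, net in nets if role != "vvoip"]
    findings = []

    # A dedicated VVoIP block must exist at all.
    if not vvoip:
        findings.append("no dedicated VVoIP address block is defined")

    # The VVoIP blocks must not share address space with general or management blocks.
    for vname, vnet in vvoip:
        for oname, onet in other:
            if vnet.version == onet.version and vnet.overlaps(onet):
                findings.append(
                    f"VVoIP block {vname} {vnet} overlaps non-VVoIP block {oname} {onet}")

    # Every VVoIP component must actually be addressed from a VVoIP block.
    for dev, addr in sorted(devices.items()):
        ip = ipaddress.ip_address(addr)
        if not any(ip in vnet for _, vnet in vvoip):
            owner = next((f"{n} {net}" for n, net in other if ip in net),
                         "no planned block")
            findings.append(
                f"VVoIP device {dev} {ip} is outside the VVoIP blocks (in {owner})")
    return findings


if __name__ == "__main__":
    for line in audit(ADDRESS_PLAN, VVOIP_DEVICES):
        print("FINDING:", line)
```

An empty result only shows that the plan and inventory are consistent; the firewall and router ACLs that rely on the separation still have to be reviewed on the devices themselves.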

Documentable

False

Severity Override Guidance

Verify a dedicated address block is defined for the VVoIP system separate from the address blocks used by non-VVoIP system devices, ensuring traffic and access control using firewalls and router ACLs.

If the LAN under review is a closed unclassified LAN, an unclassified LAN connected to an unclassified WAN (such as the NIPRNet or Internet), a closed classified LAN, or a classified LAN connected to a classified WAN (such as the SIPRNet), this requirement is applicable. In the case of a classified WAN where network-wide, address-based accountability or traceability is required by the network PMO, the PMO must provide segregated, network-wide address blocks so that the attached classified LANs meet this requirement.

Affected devices include core and adjunct components, including session managers, session border controller (SBC), media and signaling gateway interfaces, customer edge (premise) router internal interface to the Voice Video VLANs, associated UC components, and VVoIP hardware endpoints.

If a dedicated LAN address block is not designated for the VVoIP system, separated from the address space used for the general LAN and management VLANs, this is a finding.

Check Content Reference

M

Target Key

594

Comments