STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019

VVoIP system components must receive IP address assignment and configuration information from a DHCP server with a dedicated scope to the VVoIP system.

DISA Rule

SV-8789r2_rule

Vulnerability Number

V-8294

Group Title

VVoIP 5210

Rule Version

VVoIP 5210

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Implement DHCP servers in the VVoIP system design for VVoIP system component and endpoint IP address assignment and configuration. The design must use a different DHCP server for VVoIP than for data components and hosts. These servers must reside in the VVoIP address space and VLAN.

Voice Video soft clients and associated Unified Capabilities (UC) applications residing on workstations will, by default, use the workstation IP information from the data DHCP server, unless the workstation and soft client are capable of multiple VLANs and the soft client is assigned to the VVoIP VLAN. The soft client residing in the Voice Video VLAN is preferred.

Design preference for the VVoIP DHCP server shall be given in the following order:
- A dedicated device
- A function of the VVoIP session manager (LSC/MFSS)
- A function of another VVoIP-related server
- An infrastructure router inside the VVoIP network space

NOTE: The Network Infrastructure STIG precludes the implementation of a DHCP server on a perimeter router.

Check Contents

Verify the VVoIP system design uses DHCP for VVoIP system component IP address assignment and configuration, to include core components and endpoints. Ensure the design incorporates a different DHCP server than used for data system components and hosts. Confirm these servers reside in their respective voice or data address space and VLAN.

Voice Video soft clients and associated Unified Capabilities (UC) applications residing on workstations will, by default, use the workstation IP information from the data DHCP server, unless the workstation and soft client are capable of multiple VLANs and the soft client is assigned to the VVoIP VLAN. The soft client residing in the Voice Video VLAN is preferred.

If the VVoIP system design does not use DHCP for VVoIP system component IP address assignment and configuration, this is a finding.

If the VVoIP system design does not use DHCP for VVoIP endpoint IP address assignment and configuration, this is a finding.

If the DHCP servers or scopes are not dedicated to the VVoIP system (separate from the data system and host DHCP server), this is a finding.

If the DHCP server is not deployed in the core VVoIP VLAN with an appropriate IP address within the dedicated VVoIP address space, this is a finding.
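The four finding conditions above can be applied mechanically to a design inventory. The following is an added example, not part of the STIG or of STIGQter; the inventory layout, device names, VLAN IDs and subnets are constructed assumptions, and workstation soft clients (which may use the data DHCP server by default) are not modeled.

```python
import ipaddress

# Constructed sample design; every name, VLAN ID and subnet is illustrative.
DESIGN = {
    "vvoip_vlan": 210,
    "vvoip_space": "10.20.0.0/16",
    "dhcp_servers": [
        {"name": "dhcp-voice", "ip": "10.20.0.5", "vlan": 210,
         "scopes": [{"net": "10.20.8.0/22", "serves": "vvoip"}]},
        # Shared server: hands out both data and VVoIP scopes from the data VLAN.
        {"name": "dhcp-data", "ip": "10.10.0.5", "vlan": 110,
         "scopes": [{"net": "10.10.8.0/22", "serves": "data"},
                    {"net": "10.20.32.0/22", "serves": "vvoip"}]},
    ],
    "components": [
        {"name": "lsc-1", "kind": "core", "addressing": "dhcp"},
        {"name": "phone-pool", "kind": "endpoint", "addressing": "dhcp"},
        {"name": "gw-1", "kind": "core", "addressing": "static"},
    ],
}

def review(design):
    """Return a list of findings for the four check conditions."""
    findings = []
    space = ipaddress.ip_network(design["vvoip_space"])
    # Conditions 1 and 2: core components and endpoints must use DHCP.
    for comp in design["components"]:
        if comp["addressing"] != "dhcp":
            findings.append(f"{comp['kind']} {comp['name']}: not addressed by DHCP")
    for srv in design["dhcp_servers"]:
        served = {scope["serves"] for scope in srv["scopes"]}
        if "vvoip" not in served:
            continue  # data-only server, outside the scope of this check
        # Condition 3: the server must be dedicated to the VVoIP system.
        if served != {"vvoip"}:
            findings.append(f"{srv['name']}: not dedicated to VVoIP")
        # Condition 4: server sits in the VVoIP VLAN and address space.
        in_space = ipaddress.ip_address(srv["ip"]) in space
        if srv["vlan"] != design["vvoip_vlan"] or not in_space:
            findings.append(f"{srv['name']}: outside VVoIP VLAN/address space")
    return findings

if __name__ == "__main__":
    for finding in review(DESIGN):
        print("FINDING:", finding)
```
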

Documentable

False

Severity Override Guidance

Verify the VVoIP system design uses DHCP for VVoIP system component IP address assignment and configuration, to include core components and endpoints. Ensure the design incorporates a different DHCP server than used for data system components and hosts. Confirm these servers reside in their respective voice or data address space and VLAN.

Voice Video soft clients and associated Unified Capabilities (UC) applications residing on workstations will, by default, use the workstation IP information from the data DHCP server, unless the workstation and soft client are capable of multiple VLANs and the soft client is assigned to the VVoIP VLAN. The soft client residing in the Voice Video VLAN is preferred.

If the VVoIP system design does not use DHCP for VVoIP system component IP address assignment and configuration, this is a finding.

If the VVoIP system design does not use DHCP for VVoIP endpoint IP address assignment and configuration, this is a finding.

If the DHCP servers or scopes are not dedicated to the VVoIP system (separate from the data system and host DHCP server), this is a finding.

If the DHCP server is not deployed in the core VVoIP VLAN with an appropriate IP address within the dedicated VVoIP address space, this is a finding.

Check Content Reference

M

Target Key

594
