STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019

Customers of the DISN VoSIP service on ARE NOT utilizing address blocks assigned by the DRSN / VoSIP PMO.

DISA Rule

SV-8790r1_rule

Vulnerability Number

V-8295

Group Title

Deficient design: VVoIP addressing re: DISN VoSIP

Rule Version

VVoIP 5215 (LAN)

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure customers of the DISN VoSIP service use IP addresses assigned to them by the DRSN/VoSIP PMO when defining the required dedicated address space for the VoIP controllers and endpoints within their secret C-LANs.

NOTE: This is similarly applicable to other classified DISN services and customers' C-LANs.

NOTE: This is not a requirement in the event a VoIP-based VVoIP communications system operated in a secret C-LAN has no need or potential need to use the worldwide DISN VoSIP service or have access to the DRSN and communicate with other enclaves that do use the DISN service or have access to the DRSN. Such systems must utilize their own dedicated IP address space carved out of the address space assigned to their C-LANs by the SIPRNet PMO in accordance with the previously noted requirement.

NOTE: This requirement does not directly apply to dedicated hardware-based IP-VTC systems using the C-LAN and SIPRNet for transport, although there may be similar requirements to address this technology in the future.

Obtain and assign IP addresses as provided by the DRSN PMO - VoSIP department when defining the required dedicated address space on the LAN.

Check Contents

Interview the IAO to confirm compliance with the following requirement:

Ensure customers of the DISN VoSIP service use IP addresses assigned to them by the DRSN/VoSIP PMO when defining the required dedicated address space for the VoIP controllers and endpoints within their secret C-LANs.

NOTE: This is similarly applicable to other classified DISN services and customers' C-LANs.

NOTE: This is not a requirement in the event a VoIP-based VVoIP communications system operated in a secret C-LAN has no need or potential need to use the worldwide DISN VoSIP service or have access to the DRSN and communicate with other enclaves that do use the DISN service or have access to the DRSN. Such systems must utilize their own dedicated IP address space carved out of the address space assigned to their C-LANs by the SIPRNet PMO in accordance with the previously noted requirement.

NOTE: This requirement does not directly apply to dedicated hardware-based IP-VTC systems using the C-LAN and SIPRNet for transport, although there may be similar requirements to address this technology in the future.

Determine the following:
Is the organization’s secret C-LAN connected to SIPRNet?
Does the organization’s secret C-LAN support VVoIP communications (Not dedicated IP based VTC)?
Does the organization’s secret C-LAN VVoIP system interconnect with other enclaves using the DISN VoSIP service?
What address blocks are dedicated to the VVoIP system on the C-LAN?
Is there documented evidence that the DRSN/VoSIP PMO assigned these addresses to the organization or can such assignment be validated by other means?

This is a finding in the event the organization’s secret C-LAN supports VVoIP communications (Not dedicated IP based VTC) AND is connected to SIPRNet AND uses the DISN VoSIP service BUT DOES NOT use the DRSN/VoSIP PMO assigned address blocks when addressing all of the VVoIP system components.

Documentable

False

Severity Override Guidance

Interview the IAO to confirm compliance with the following requirement:

Ensure customers of the DISN VoSIP service use IP addresses assigned to them by the DRSN/VoSIP PMO when defining the required dedicated address space for the VoIP controllers and endpoints within their secret C-LANs.

NOTE: This is similarly applicable to other classified DISN services and customers' C-LANs.

NOTE: This is not a requirement in the event a VoIP-based VVoIP communications system operated in a secret C-LAN has no need or potential need to use the worldwide DISN VoSIP service or have access to the DRSN and communicate with other enclaves that do use the DISN service or have access to the DRSN. Such systems must utilize their own dedicated IP address space carved out of the address space assigned to their C-LANs by the SIPRNet PMO in accordance with the previously noted requirement.

NOTE: This requirement does not directly apply to dedicated hardware-based IP-VTC systems using the C-LAN and SIPRNet for transport, although there may be similar requirements to address this technology in the future.

Determine the following:
Is the organization’s secret C-LAN connected to SIPRNet?
Does the organization’s secret C-LAN support VVoIP communications (Not dedicated IP based VTC)?
Does the organization’s secret C-LAN VVoIP system interconnect with other enclaves using the DISN VoSIP service?
What address blocks are dedicated to the VVoIP system on the C-LAN?
Is there documented evidence that the DRSN/VoSIP PMO assigned these addresses to the organization or can such assignment be validated by other means?

This is a finding in the event the organization’s secret C-LAN supports VVoIP communications (Not dedicated IP based VTC) AND is connected to SIPRNet AND uses the DISN VoSIP service BUT DOES NOT use the DRSN/VoSIP PMO assigned address blocks when addressing all of the VVoIP system components.

Check Content Reference

I

Potential Impact

Denial of service; Lack of interoperability with other VoSIP enclaves

Responsibility

Information Assurance Officer

Target Key

594
