STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019

Deploying Unified Communications (UC) soft clients on DoD networks must have Authorizing Official (AO) approval.

DISA Rule

SV-17084r3_rule

Vulnerability Number

V-16096

Group Title

VVoIP 1720

Rule Version

VVoIP 1720

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the responsible AO approves the use of UC soft clients in the strategic LAN along with the measures implemented to protect UC soft clients and the local VoIP and data infrastructure. Approval must be provided in writing and will be maintained by the ISSO for inspection by IA reviewers or auditors. UC soft clients do not provide assured services and therefore cannot be used as the primary method of communications for those personnel requiring assured services.

When limited numbers of UC soft clients are to be implemented in the strategic LAN, obtain written approval from the responsible AO along with approval for the measures implemented to protect these UC soft clients and the local VoIP and data infrastructure. Alternatively, remove the UC soft clients from the LAN.

Check Contents

Ensure the responsible AO approves the use of limited numbers of UC soft clients in the strategic LAN along with the measures implemented to protect these UC soft clients and the local VoIP and data infrastructure. Approval will be provided in writing and will be maintained by the ISSO for inspection by IA reviewers or auditors.

When limited numbers of UC soft clients associated with the local VoIP system are implemented in the strategic LAN, a separate VLAN structure must be implemented for them. Implementation of a VLAN must not provide a bridge between the VoIP and data VLANs. Traffic must be filtered such that the UC soft client’s VoIP traffic is routed to the VoIP VLAN while all other traffic is routed to the data VLAN. A separate NIC is not required to support VLANs for voice and video segmentation under UC.

NOTE: Limited numbers in this scenario means as few as possible, but may mean 25 or 30 percent of the overall PCs on the LAN. Beyond this percentage, the protections afforded by this implementation become limited or negated because of the large number of PCs in the UC soft client VLAN.

Determine if limited numbers of UC soft clients are permitted to operate or are implemented in the strategic LAN. If so, review the written AO approval for the implementation. If limited numbers of UC soft clients are to be implemented in the strategic LAN without written AO approval for the implementation, this is a finding.

Vulnerability Number

V-16096

Documentable

False

Rule Version

VVoIP 1720

Severity Override Guidance

Ensure the responsible AO approves the use of limited numbers of UC soft clients in the strategic LAN along with the measures implemented to protect these UC soft clients and the local VoIP and data infrastructure. Approval will be provided in writing and will be maintained by the ISSO for inspection by IA reviewers or auditors.

When limited numbers of UC soft clients associated with the local VoIP system are implemented in the strategic LAN, a separate VLAN structure must be implemented for them. Implementation of a VLAN must not provide a bridge between the VoIP and data VLANs. Traffic must be filtered such that the UC soft client’s VoIP traffic is routed to the VoIP VLAN while all other traffic is routed to the data VLAN. A separate NIC is not required to support VLANs for voice and video segmentation under UC.

NOTE: Limited numbers in this scenario means as few as possible, but may mean 25 or 30 percent of the overall PCs on the LAN. Beyond this percentage, the protections afforded by this implementation become limited or negated because of the large number of PCs in the UC soft client VLAN.

Determine if limited numbers of UC soft clients are permitted to operate or are implemented in the strategic LAN. If so, review the written AO approval for the implementation. If limited numbers of UC soft clients are to be implemented in the strategic LAN without written AO approval for the implementation, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

594

Comments