STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

A Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.

DISA Rule

SV-17086r2_rule

Vulnerability Number

V-16098

Group Title

VVoIP 1025

Rule Version

VVoIP 1025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement a Call Center or CTI system using soft clients to be segregated into a protected enclave and limit traffic traversing the boundary.

Check Contents

Review the site documentation to confirm a Call Center or CTI system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary. When a Call Center / CTI system/application (e.g., call center, helpdesk, operators console, E911 system, etc.) using soft clients are approved for use in the strategic LAN, ensure the following:
- The supporting network is configured as a closed enclave or a segregated and access controlled sub-enclave having appropriate boundary protection between it and the local general business LAN or external WAN.
- In the event the CTI application accesses resources outside this enclave and there is the potential of the application being compromised from external sources, the supporting network is configured to provide separate voice and data zones and maintains separation of voice and data traffic per the VoIP STIG if technically feasible (i.e., such separation does not break the CTI application or there is another compelling reason).
- The supporting network enclave and boundary protection is configured in substantial compliance with the Enclave, Network Infrastructure, and VoIP STIGs.
- The CTI application/enclave (e.g., a call center application) is supported by a dedicated VoIP controller.

If a Call Center or CTI system using soft clients is not segregated into a protected enclave and limit traffic traversing the boundary, this is a finding.

Vulnerability Number

V-16098

Documentable

False

Rule Version

VVoIP 1025

Severity Override Guidance

Review the site documentation to confirm a Call Center or CTI system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary. When a Call Center / CTI system/application (e.g., call center, helpdesk, operators console, E911 system, etc.) using soft clients are approved for use in the strategic LAN, ensure the following:
- The supporting network is configured as a closed enclave or a segregated and access controlled sub-enclave having appropriate boundary protection between it and the local general business LAN or external WAN.
- In the event the CTI application accesses resources outside this enclave and there is the potential of the application being compromised from external sources, the supporting network is configured to provide separate voice and data zones and maintains separation of voice and data traffic per the VoIP STIG if technically feasible (i.e., such separation does not break the CTI application or there is another compelling reason).
- The supporting network enclave and boundary protection is configured in substantial compliance with the Enclave, Network Infrastructure, and VoIP STIGs.
- The CTI application/enclave (e.g., a call center application) is supported by a dedicated VoIP controller.

If a Call Center or CTI system using soft clients is not segregated into a protected enclave and limit traffic traversing the boundary, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

594

Comments