STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: VVoIP session media must be encrypted to provide end-to-end interoperable confidentiality and integrity.

DISA Rule

SV-21492r3_rule

Vulnerability Number

V-19441

Group Title

VVoIP 6170

Rule Version

VVoIP 6170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement VVoIP session media to be encrypted to provide end-to-end interoperable confidentiality and integrity. Fully document the implementation. Configure the VVoIP system components per the DoD APL IA deployment guide specific to the product being deployed.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Contents

Review site documentation to confirm VVoIP session media is encrypted to provide end-to-end interoperable confidentiality and integrity. The devices within the VVoIP system that must be protected are endpoints, media gateways, session mangers (gatekeepers, session controllers, soft switches, etc.), border elements (session border controllers, routers, firewalls, etc.), and other network devices involved in the session signaling. Session media encryption meeting UCR requirements must be implemented end-to-end.

If VVoIP session media is not encrypted to provide end-to-end interoperable confidentiality and integrity, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Vulnerability Number

V-19441

Documentable

False

Rule Version

VVoIP 6170

Severity Override Guidance

Review site documentation to confirm VVoIP session media is encrypted to provide end-to-end interoperable confidentiality and integrity. The devices within the VVoIP system that must be protected are endpoints, media gateways, session mangers (gatekeepers, session controllers, soft switches, etc.), border elements (session border controllers, routers, firewalls, etc.), and other network devices involved in the session signaling. Session media encryption meeting UCR requirements must be implemented end-to-end.

If VVoIP session media is not encrypted to provide end-to-end interoperable confidentiality and integrity, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Content Reference

M

Target Key

594

Comments