STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

The site's enclave boundary protection must route commercial VoIP traffic via a local Media Gateway (MG) connected to a commercial service provider using PRI, CAS, or POTS analog trunks.

DISA Rule

SV-21733r2_rule

Vulnerability Number

V-19592

Group Title

VVoIP 1015

Rule Version

VVoIP 1015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure all VVoIP system access to/from commercial dialup services (voice, video, fax, data) is via a locally implemented MG using a PRI, CAS, or POTS analog trunk to a commercial service provider.

NOTE: Trunks that support SS7 signaling and SS7-based signaling between a DoD network and a non-DoD network are prohibited.

Check Contents

If the site is small and has POTS lines terminated on individual phones, a dedicated key system, or a PBX, all of which are separate from the DoD VVoIP system, this is Not Applicable.

If the site is subtended to an enclave with approved IP voice services providing commercial service, this is Not Applicable.

Verify all VVoIP system access to/from commercial dialup services (voice, video, fax, data) is via a local MG using a PRI, CAS, or POTS analog trunk to a commercial service provider.

If the site is not connected to the PSTN via an MG located within the local site enclave as described above, this is a finding.

NOTE: Trunks that support SS7 signaling and SS7-based signaling between a DoD network and a non-DoD network are prohibited.

Documentable

False

Severity Override Guidance

If the site is small and has POTS lines terminated on individual phones, a dedicated key system, or a PBX, all of which are separate from the DoD VVoIP system, this is Not Applicable.

If the site is subtended to an enclave with approved IP voice services providing commercial service, this is Not Applicable.

Verify all VVoIP system access to/from commercial dialup services (voice, video, fax, data) is via a local MG using a PRI, CAS, or POTS analog trunk to a commercial service provider.

If the site is not connected to the PSTN via an MG located within the local site enclave as described above, this is a finding.

NOTE: Trunks that support SS7 signaling and SS7-based signaling between a DoD network and a non-DoD network are prohibited.

Check Content Reference

M

Target Key

594
