STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-21735r1_rule
V-19594
Deficient C&A: VVoIP DISN Bndry in LAN C&A doc’n
VVoIP 6100 (DISN-IPVS)
CAT II
10
In the event the VVoIP system connects to the DISN WAN for VVoIP transport between enclaves, ensure the VVoIP system’s WAN connection and boundary as well as its components including as their upgrades and changes are included in the site’s enclave / LAN C&A documentation (i.e., the DIACAP Implementation Plan (DIP), System Identification Profile (SIP), Scorecard, etc).
Add the VVoIP WAN boundary and/or its modifications to the site’s enclave / LAN baseline and C&A documentation Obtain DAA approval for the updated documentation. Submit to the SRR team lead for validation and finding closure.
Interview the IAO to validate compliance with the following requirement:
In the event the VVoIP system connects to the DISN WAN for VVoIP transport between enclaves, ensure the VVoIP system’s WAN connection and boundary as well as its components including as their upgrades and changes are included in the site’s enclave / LAN C&A documentation (i.e., the DIACAP Implementation Plan (DIP), System Identification Profile (SIP), Scorecard, etc.).
> Review the baseline documentation and/or C&A documentation to verify that the VVoIP WAN boundary and/or modifications are included. Verify there is a procedure for approving changes to configuration.
V-19594
False
VVoIP 6100 (DISN-IPVS)
Interview the IAO to validate compliance with the following requirement:
In the event the VVoIP system connects to the DISN WAN for VVoIP transport between enclaves, ensure the VVoIP system’s WAN connection and boundary as well as its components including as their upgrades and changes are included in the site’s enclave / LAN C&A documentation (i.e., the DIACAP Implementation Plan (DIP), System Identification Profile (SIP), Scorecard, etc.).
> Review the baseline documentation and/or C&A documentation to verify that the VVoIP WAN boundary and/or modifications are included. Verify there is a procedure for approving changes to configuration.
I
The inability to effectively maintain the network or voice service and apply security policy and vulnerability mitigations. The inability for the DAA to understand the voice system’s and/or network’s security posture, threats, and vulnerabilities. The inability for the DAA to approve or accept the security risk of operating the system
Information Assurance Officer
594