STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

All Customer Edge Routers (CE-R) implemented as the DISN access circuit termination point for the DISN NIPRNet IP Voice Services (IPVS) must be listed on the DoD Approved Products List (APL).

DISA Rule

SV-21737r2_rule

Vulnerability Number

V-19596

Group Title

VVoIP 6115

Rule Version

VVoIP 6115

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For VVoIP systems subscribed to the DISN NIPRNet IPVS network, ensure the boundary design includes one or more DoD APL listed CE-R(s) terminating the DISN access circuits. The CE-R must be robust/reliable and provide QOS features and capabilities as required by the UCR for the specific type of site.
NOTE: If the DISN access circuits are dual homed, dual CE-Rs should be implemented unless a single CE-R can provide uninterrupted (5 9s) connectivity to the DISN.
NOTE: In the future this requirement may be applicable (with some modification) to the DISN SIPRNet IPVS (VoSIP) network when the PMO adopts the DISN NIPRNet IPVS architecture.
NOTE: The CE-R must allow traditional SIP and SRTP traffic, and traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Contents

Interview the ISSO to confirm compliance with the following requirement:

For VVoIP systems subscribed to the DISN NIPRNet IPVS network, ensure the boundary design includes one or more DoD APL listed CE-R(s) terminating the DISN access circuits. The CE-R must be robust/reliable and provide QOS features and capabilities as required by the UCR for the specific type of site.

NOTE: If the DISN access circuits are dual homed, dual CE-Rs should be implemented unless a single CE-R can provide uninterrupted (5 9s) connectivity to the DISN.
NOTE: In the future this requirement may be applicable (with some modification) to the DISN SIPRNet IPVS (VoSIP) network when the PMO adopts the DISN NIPRNet IPVS architecture.
NOTE: The CE-R must allow traditional SIP and SRTP traffic, and traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Determine, through interview and/or physical inspection, the specific make, model, and OS version of the CE-R. Access the DoD APL websites listed below:
https://www.disa.mil/network-services/ucco
https://aplits.disa.mil/apl/
https://www.disa.mil/Network-Services/UCCO/APL-Removal-List

Verify all installed CE-Rs and software load (OS) versions are listed.

If all installed CE-Rs and software load (OS) versions are not listed, this is a finding.

Documentable

False

Severity Override Guidance

Interview the ISSO to confirm compliance with the following requirement:

For VVoIP systems subscribed to the DISN NIPRNet IPVS network, ensure the boundary design includes one or more DoD APL listed CE-R(s) terminating the DISN access circuits. The CE-R must be robust/reliable and provide QOS features and capabilities as required by the UCR for the specific type of site.

NOTE: If the DISN access circuits are dual homed, dual CE-Rs should be implemented unless a single CE-R can provide uninterrupted (5 9s) connectivity to the DISN.
NOTE: In the future this requirement may be applicable (with some modification) to the DISN SIPRNet IPVS (VoSIP) network when the PMO adopts the DISN NIPRNet IPVS architecture.
NOTE: The CE-R must allow traditional SIP and SRTP traffic, and traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Determine, through interview and/or physical inspection, the specific make, model, and OS version of the CE-R. Access the DoD APL websites listed below:
https://www.disa.mil/network-services/ucco
https://aplits.disa.mil/apl/
https://www.disa.mil/Network-Services/UCCO/APL-Removal-List

Verify all installed CE-Rs and software load (OS) versions are listed.

If all installed CE-Rs and software load (OS) versions are not listed, this is a finding.

Check Content Reference

M

Target Key

594
