STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

The network IDS is not configured or implemented such that it can monitor the traffic to/from the required VVoIP firewall/EBC (function) as well as the traffic to/from the data firewall (function).

DISA Rule

SV-21739r1_rule

Vulnerability Number

V-19598

Group Title

Deficient design: NIDS protection for VVoIP

Rule Version

VVoIP 6125 (DISN-IPVS)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In the event the VVoIP system within the enclave is interconnected with other VVoIP systems across the WAN, ensure the required internal Network IDS (NIDS) is implemented such that it monitors the traffic to/from both the data firewall (function) and the required VVoIP firewall/EBC (function).

NOTE: This is applicable whether the VVoIP system is integrated with the DISN IPVS or not.

Check Contents

Inspect the configurations and connections of the NIDS and the network elements to which it is (they are) connected to determine compliance with the requirement. Determine whether the traffic to/from the VVoIP firewall is indeed monitored by the (or a) NIDS.

Vulnerability Number

V-19598

Documentable

False

Rule Version

VVoIP 6125 (DISN-IPVS)

Severity Override Guidance

Inspect the configurations and connections of the NIDS and the network elements to which it is (they are) connected to determine compliance with the requirement. Determine whether the traffic to/from the VVoIP firewall is indeed monitored by the (or a) NIDS.

Check Content Reference

M

Potential Impact

Unauthorized and undetected access or compromise of the enclave or the services it supports

Responsibility

Information Assurance Officer

Target Key

594

Comments