STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

All Local Session Controllers (LSC), Enterprise Session Controllers (ESC), and Multi-Function Soft Switches (MFSS) implemented within the enclave to provide session management for the DISN NIPRNet IP Voice Services (IPVS) must be listed on the DoD Approved Products List (APL).

DISA Rule

SV-21740r2_rule

Vulnerability Number

V-19599

Group Title

VVoIP 6130

Rule Version

VVoIP 6130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For VVoIP systems within the enclave integrated with the unclassified or classified DISN IPVS network, ensure the system is designed to include at least one LSC, ESC, or MFSS for session control within the enclave.

NOTE: The LSC/ESC (one or more per site) manages local endpoint registration and calls established to/from local endpoints and facilities. It also manages calls into and out of the enclave. The MFSS (one per site and potentially a backup LSC/ESC) performs session control functions for its site and provides signaling management for a regional set of session controllers. An MFSS is a backbone device and is only required at DISN IPVS PMO designated locations.
NOTE: The LSC and MFSS are robust and reliable, and provide admission control and QoS features and capabilities as required by the UCR.
NOTE: The session controllers may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Contents

Interview the ISSO to confirm compliance with the following requirement:

For VVoIP systems within the enclave integrated with the unclassified or classified DISN IPVS network, ensure the system is designed to include at least one LSC, ESC, or MFSS for session control within the enclave.

NOTE: The LSC/ESC (one or more per site) manages local endpoint registration and calls established to/from local endpoints and facilities. It also manages calls into and out of the enclave. The MFSS (one per site and potentially a backup LSC/ESC) performs session control functions for its site and provides signaling management for a regional set of session controllers. An MFSS is a backbone device and is only required at DISN IPVS PMO designated locations.
NOTE: The LSC and MFSS are robust and reliable, and provide admission control and QoS features and capabilities as required by the UCR.
NOTE: The session controllers may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Determine, through interview and/or physical inspection, the specific make, model, and OS version of all LSCs, ESCs, and MFSS. Access the DoD APL websites listed below:
https://www.disa.mil/network-services/ucco
https://aplits.disa.mil/apl/
https://www.disa.mil/Network-Services/UCCO/APL-Removal-List

Verify that all installed LSCs, ESCs, and MFSS, and their software load (OS) versions, are listed.

If any installed LSC, ESC, or MFSS, or its software load (OS) version, is not listed, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

594