STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: Enclaves with commercial VoIP connections must be approved by the DoDIN Waiver Panel and signed by DOD CIO for a permanent alternate connection to the Internet Telephony Service Provider (ITSP).

DISA Rule

SV-21747r1_rule

Vulnerability Number

V-19606

Group Title

VVoIP 7100 (ITSP)

Rule Version

VVoIP 7100 (ITSP)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Obtain approval by the DoDIN Waiver Panel and signature by the DOD CIO for a permanent “alternate connection” to the ITSP for any connection with a commercial VoIP provider (ITSP).

Check Contents

Inspect the VVoIP implementation system design for connections to commercial VoIP ITSP. If the ITSP is providing converged services or other services beyond SIP trunking, NET0160 applies.

The use cases applicable to this requirement:
Use Case 1: ITSP connections providing direct connection to the enclave’s DoD LAN.
Use Case 2: ITSP connections providing a SIP trunk terminating on a media gateway that provides TDM trunks or POTS lines to traditional non-VoIP PBX, key system, or individual end instrument.
Use Case 3: ITSP connections terminating on a separate LAN from the enclave’s DoD LAN supporting a separate VoIP system.
Use Case 4: ITSP connections providing service over any approved ISP gateway.

If any enclave connects with commercial VoIP provider (ITSP) and is not approved by the DoDIN Waiver Panel, this is a finding. If the DOD CIO has not signed for a permanent “alternate connection” to the ITSP, this is a finding.

NOTE: This connection will be a permanent connection and should be designated or recognized as such in the approval documentation since most such approvals are for temporary connections.

Vulnerability Number

V-19606

Documentable

False

Rule Version

VVoIP 7100 (ITSP)

Severity Override Guidance

Inspect the VVoIP implementation system design for connections to commercial VoIP ITSP. If the ITSP is providing converged services or other services beyond SIP trunking, NET0160 applies.

The use cases applicable to this requirement:
Use Case 1: ITSP connections providing direct connection to the enclave’s DoD LAN.
Use Case 2: ITSP connections providing a SIP trunk terminating on a media gateway that provides TDM trunks or POTS lines to traditional non-VoIP PBX, key system, or individual end instrument.
Use Case 3: ITSP connections terminating on a separate LAN from the enclave’s DoD LAN supporting a separate VoIP system.
Use Case 4: ITSP connections providing service over any approved ISP gateway.

If any enclave connects with commercial VoIP provider (ITSP) and is not approved by the DoDIN Waiver Panel, this is a finding. If the DOD CIO has not signed for a permanent “alternate connection” to the ITSP, this is a finding.

NOTE: This connection will be a permanent connection and should be designated or recognized as such in the approval documentation since most such approvals are for temporary connections.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments