STIGQter STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:

VVoIP component(s) are NOT addressed using the defined dedicated VVoIP system addresses

DISA Rule

SV-21769r2_rule

Vulnerability Number

V-19628

Group Title

Deficient imp’n: VVoIP addressing re: def’d range

Rule Version

VVoIP 5225

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure all VVoIP systems and components within the LAN (Enclave) are deployed using the using the dedicated VVoIP address space defined in the VVoIP system design for the given network type.

NOTE: This is applicable to the following:
> A closed unclassified LAN
> A unclassified LAN connected to a unclassified WAN such as the NIPRNet or Internet
> A closed classified LAN
> A classified LAN connected to a classified WAN (such as the SIPRNet).

NOTE: In the case of a classified WAN where network wide address based accountability or traceability is required by the network PMO, the PMO must provide a segregated, network wide address block(s) so that the attached classified LANs can meet this requirement.

Provide or use a dedicated address space for the VVoIP system that is segregated from the address space used for the general LAN, management VLANs, and other segregated services running on the LAN.

Use this address space when configuring VVoIP VLANs and when assigning addresses to VVoIP endpoints and core equipment.

Check Contents

Inspect data network scan results (or perform a scan of the data network) and look for the presence of VVoIP systems and endpoints.

Vulnerability Number

V-19628

Documentable

False

Rule Version

VVoIP 5225

Severity Override Guidance

Inspect data network scan results (or perform a scan of the data network) and look for the presence of VVoIP systems and endpoints.

Check Content Reference

M

Target Key

3407

Comments