STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

When 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port must be configured to support a disabled PC port by configuring PC port traffic to the unused VLAN.

DISA Rule

SV-21792r3_rule

Vulnerability Number

V-19651

Group Title

VVoIP 5320

Rule Version

VVoIP 5320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement and document that when 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port is configured to support a disabled PC port by sending PC port traffic to the unused VLAN.

Do not statically assign the switch port to the voice video VLAN.

Check Contents

If the voice video endpoints do not contain a PC port, this is not applicable.

Review site documentation to confirm that when 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port is configured to support a disabled PC port by configuring PC port traffic to the unused VLAN.

If 802.1x is implemented, the voice video endpoint PC ports are disabled, and the network access switch port is not configured to support a disabled PC port by configuring PC port traffic to the unused VLAN, this is a finding.

The voice video endpoint network access switch port normally is configured with a VVoIP VLAN for the VVoIP traffic. This is IAW and supports the NI STIG requirement NET1435.

Vulnerability Number

V-19651

Documentable

False

Rule Version

VVoIP 5320

Severity Override Guidance

If the voice video endpoints do not contain a PC port, this is not applicable.

Review site documentation to confirm that when 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port is configured to support a disabled PC port by configuring PC port traffic to the unused VLAN.

If 802.1x is implemented, the voice video endpoint PC ports are disabled, and the network access switch port is not configured to support a disabled PC port by configuring PC port traffic to the unused VLAN, this is a finding.

The voice video endpoint network access switch port normally is configured with a VVoIP VLAN for the VVoIP traffic. This is IAW and supports the NI STIG requirement NET1435.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments