STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:

The Customer Edge Router (CE-R) must expedite forwarding of VVoIP packets based on Differential Service Code Point (DSCP) packet marking.

DISA Rule

SV-21803r4_rule

Vulnerability Number

V-19662

Group Title

VVoIP 6205

Rule Version

VVoIP 6205

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Implement the CE-R to expedite forwarding of VVoIP packets based on DSCP packet marking.

NOTE: The CE-R must allow traditional SIP and SRTP traffic, and traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Contents

Review site documentation to confirm the CE-R expedites forwarding of VVoIP packets based on DSCP packet marking. When the VVoIP system connects to the DISN WAN for VVoIP transport between enclaves and the system provides Assured Services to any C2 user (Special-C2, C2, or C2-R), the required CE-R must expedite forwarding of VVoIP packets based on DSCP packet marking in accordance with the DISN IPVS DSCP marking plan. Proper DSCP marking provides appropriate QoS for C2 priority calls in support of Assured Service.

If the CE-R does not expedite forwarding of VVoIP packets based on DSCP packet marking, this is a finding.

NOTE: The CE-R must allow traditional SIP and SRTP traffic, and traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

The Customer Edge Router (CE-R) must expedite forwarding of VVoIP packets based on Differential Service Code Point (DSCP) packet marking.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments