STIGQter STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:

The Session Border Controller (SBC) must be configured to only process signaling packets whose integrity is validated.

DISA Rule

SV-21809r3_rule

Vulnerability Number

V-19668

Group Title

VVoIP 6315

Rule Version

VVoIP 6315

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the DISN NIPRNet IPVS SBC is configured to only process signaling packets whose integrity is validated. The current Unified Capabilities Requirements (UCR) document specifies the hashing algorithm to be used during transmission.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Contents

Interview the ISSO to confirm compliance with the following requirement:

Ensure the DISN NIPRNet IPVS SBC is configured to only process signaling packets whose integrity is validated. Inspect the configurations of the EBC to determine compliance with the requirement.

If the SBC does not validate the integrity of the received signaling packets, this is a finding. If the SBC is not configured to drop packets whose integrity is not validated, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Vulnerability Number

V-19668

Documentable

False

Rule Version

VVoIP 6315

Severity Override Guidance

Interview the ISSO to confirm compliance with the following requirement:

Ensure the DISN NIPRNet IPVS SBC is configured to only process signaling packets whose integrity is validated. Inspect the configurations of the EBC to determine compliance with the requirement.

If the SBC does not validate the integrity of the received signaling packets, this is a finding. If the SBC is not configured to drop packets whose integrity is not validated, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Content Reference

M

Target Key

3407

Comments