STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

VVoIP endpoint configuration files transferred via Cisco TFTP must be encrypted and signed using DoD PKI certificates.

DISA Rule

SV-60611r1_rule

Vulnerability Number

V-47735

Group Title

VVoIP 1410

Rule Version

VVoIP 1410 (GENERAL)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the VVoIP endpoint configuration files transferred via Cisco TFTP to be encrypted and signed using DoD PKI certificates. Refer to the “CISCO-UCM-TFTP” Vulnerability Analysis report provided by the Protocols, Ports, and Services management site for more details.

Check Contents

Interview the IAO to confirm compliance with the following requirement:
Verify VVoIP endpoint configuration files transferred via Cisco TFTP are encrypted and signed using DoD PKI certificates.

NOTE: This requirement is not applicable to systems that do not use Cisco TFTP.

Vulnerability Number

V-47735

Documentable

False

Rule Version

VVoIP 1410 (GENERAL)

Severity Override Guidance

Interview the IAO to confirm compliance with the following requirement:
Verify VVoIP endpoint configuration files transferred via Cisco TFTP are encrypted and signed using DoD PKI certificates.

NOTE: This requirement is not applicable to systems that do not use Cisco TFTP.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments