STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

Two hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Immediate or Priority precedence C2 users.

DISA Rule

SV-72381r2_rule

Vulnerability Number

V-57951

Group Title

VVoIP 1222

Rule Version

VVoIP 1222 (C2)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure a UPS system is provided for all parts of the VVoIP infrastructure, including the core LSC/MFSS, adjunct systems providing critical services, SBC, CER, LAN elements, and endpoints. All VVoIP system devices including voice endpoints and portions of the LAN that directly support one or more C2 users must be minimally provided 2 hours UPS. Document the VVoIP system design with UPS implementation.

Note: UPS systems supplying power to infrastructure supporting special-C2 and C2 users must also support environmental power to prevent equipment failures. This support must be commensurate with the users supported (8 or 2 hours as appropriate).

Check Contents

Inspect the VVoIP system design for evidence of continuous backup power to the infrastructure and command and control (C2) users. Ensure a UPS system is provided for all parts of the VVoIP infrastructure, including the core LSC/MFSS, adjunct systems providing critical services, SBC, CER, LAN elements, and endpoints as follows:
- All VVoIP system devices including portions of the LAN that directly support one or more C2 users are minimally provided 2 hours UPS.
- All C2 user VVoIP endpoints relying on Power over Ethernet (PoE) must have power sourcing equipment (PSE) sized to support the asset and endpoints by the UPS for a minimum 2 hours.
- All C2 user VVoIP endpoints without PoE must be minimally provided 2 hours UPS.
- UPS systems (battery at a minimum; plus optional generator) supplying power to infrastructure that supports special-C2 and C2 users must also support environmental power (HVAC) such that equipment failures are prevented.
- In no case should a UPS system immediately, or within a short time, drop power to the supported equipment when primary power is removed. This would indicate an undersized or defective UPS unit.

Determine if the infrastructure assets being reviewed directly support one or more C2 users. If no C2 users are supported, this requirement is not applicable. If C2 users are supported, determine if assets are provided with 2 hours of backup power. If 2 hours of backup power is not provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support C2 users, this is a finding.

Documentable

False

Severity Override Guidance

Inspect the VVoIP system design for evidence of continuous backup power to the infrastructure and command and control (C2) users. Ensure a UPS system is provided for all parts of the VVoIP infrastructure, including the core LSC/MFSS, adjunct systems providing critical services, SBC, CER, LAN elements, and endpoints as follows:
- All VVoIP system devices including portions of the LAN that directly support one or more C2 users are minimally provided 2 hours UPS.
- All C2 user VVoIP endpoints relying on Power over Ethernet (PoE) must have power sourcing equipment (PSE) sized to support the asset and endpoints by the UPS for a minimum 2 hours.
- All C2 user VVoIP endpoints without PoE must be minimally provided 2 hours UPS.
- UPS systems (battery at a minimum; plus optional generator) supplying power to infrastructure that supports special-C2 and C2 users must also support environmental power (HVAC) such that equipment failures are prevented.
- In no case should a UPS system immediately, or within a short time, drop power to the supported equipment when primary power is removed. This would indicate an undersized or defective UPS unit.

Determine if the infrastructure assets being reviewed directly support one or more C2 users. If no C2 users are supported, this requirement is not applicable. If C2 users are supported, determine if assets are provided with 2 hours of backup power. If 2 hours of backup power is not provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support C2 users, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594
