STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-8742r2_rule
V-8256
Enforce Wireless STIG
VVoIP 1035 (GENERAL)
CAT III
10
Apply requirements contained the Wireless STIG wherever VVoIP over wireless LAN (Wi-Fi 802.11x) or Wireless MAN (WiMAX 802.16) is used. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.
Inspect the VVoIP site documentation to confirm VVoIP services over wireless IP networks apply the Wireless STIG to the wireless services and endpoints, specifically services used over a Wireless LAN (WLAN - Wi-Fi 802.11x) or Wireless MAN (WMAN - WiMAX 802.16) connection. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.
Determine if the site has implemented or supports IP based wireless (802.11x or 802.16) VVoIP endpoints. If so this implies that there is a supporting WLAN and any applicable requirements in the Wireless STIG apply to the wireless VVoIP endpoints and service in addition to those in this checklist.
Obtain a copy of the Wireless SRR or Self-Assessment results and review for compliance. If SRR results are not available, then perform a wireless SRR on a representative number of wireless VVoIP endpoints and on the service.
Areas of primary concern are, but are not limited to the following:
- Is the endpoint an approved endpoint?
- Is the endpoint configured to support the required VVoIP endpoint, registration, authentication, and media/signaling encryption requirements?
- Is the endpoint configured to support the required WLAN access control, authentication, and encryption requirements?
If it is evident the appropriate STIGs have not been applied, this is a finding.
NOTE: Wireless endpoints in this case are typically going to be handheld devices such as a dedicated VVoIP only "cordless phone", a cellular phone with dual cellular and Wi-Fi (possibly including WiMAX) capabilities, or a PDA/PED with a UC soft client installed. However, the endpoints could also be desk phones and some could also support Bluetooth headsets, which are also covered in the Wireless STIG.
V-8256
False
VVoIP 1035 (GENERAL)
Inspect the VVoIP site documentation to confirm VVoIP services over wireless IP networks apply the Wireless STIG to the wireless services and endpoints, specifically services used over a Wireless LAN (WLAN - Wi-Fi 802.11x) or Wireless MAN (WMAN - WiMAX 802.16) connection. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.
Determine if the site has implemented or supports IP based wireless (802.11x or 802.16) VVoIP endpoints. If so this implies that there is a supporting WLAN and any applicable requirements in the Wireless STIG apply to the wireless VVoIP endpoints and service in addition to those in this checklist.
Obtain a copy of the Wireless SRR or Self-Assessment results and review for compliance. If SRR results are not available, then perform a wireless SRR on a representative number of wireless VVoIP endpoints and on the service.
Areas of primary concern are, but are not limited to the following:
- Is the endpoint an approved endpoint?
- Is the endpoint configured to support the required VVoIP endpoint, registration, authentication, and media/signaling encryption requirements?
- Is the endpoint configured to support the required WLAN access control, authentication, and encryption requirements?
If it is evident the appropriate STIGs have not been applied, this is a finding.
NOTE: Wireless endpoints in this case are typically going to be handheld devices such as a dedicated VVoIP only "cordless phone", a cellular phone with dual cellular and Wi-Fi (possibly including WiMAX) capabilities, or a PDA/PED with a UC soft client installed. However, the endpoints could also be desk phones and some could also support Bluetooth headsets, which are also covered in the Wireless STIG.
M
Information Assurance Officer
594