STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: VVoIP services over wireless IP networks must apply the Wireless STIG to the wireless service and endpoints.

DISA Rule

SV-8742r2_rule

Vulnerability Number

V-8256

Group Title

Enforce Wireless STIG

Rule Version

VVoIP 1035 (GENERAL)

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Apply requirements contained the Wireless STIG wherever VVoIP over wireless LAN (Wi-Fi 802.11x) or Wireless MAN (WiMAX 802.16) is used. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.

Check Contents

Inspect the VVoIP site documentation to confirm VVoIP services over wireless IP networks apply the Wireless STIG to the wireless services and endpoints, specifically services used over a Wireless LAN (WLAN - Wi-Fi 802.11x) or Wireless MAN (WMAN - WiMAX 802.16) connection. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.

Determine if the site has implemented or supports IP based wireless (802.11x or 802.16) VVoIP endpoints. If so this implies that there is a supporting WLAN and any applicable requirements in the Wireless STIG apply to the wireless VVoIP endpoints and service in addition to those in this checklist.

Obtain a copy of the Wireless SRR or Self-Assessment results and review for compliance. If SRR results are not available, then perform a wireless SRR on a representative number of wireless VVoIP endpoints and on the service.

Areas of primary concern are, but are not limited to the following:
- Is the endpoint an approved endpoint?
- Is the endpoint configured to support the required VVoIP endpoint, registration, authentication, and media/signaling encryption requirements?
- Is the endpoint configured to support the required WLAN access control, authentication, and encryption requirements?

If it is evident the appropriate STIGs have not been applied, this is a finding.

NOTE: Wireless endpoints in this case are typically going to be handheld devices such as a dedicated VVoIP only "cordless phone", a cellular phone with dual cellular and Wi-Fi (possibly including WiMAX) capabilities, or a PDA/PED with a UC soft client installed. However, the endpoints could also be desk phones and some could also support Bluetooth headsets, which are also covered in the Wireless STIG.

Vulnerability Number

V-8256

Documentable

False

Rule Version

VVoIP 1035 (GENERAL)

Severity Override Guidance

Inspect the VVoIP site documentation to confirm VVoIP services over wireless IP networks apply the Wireless STIG to the wireless services and endpoints, specifically services used over a Wireless LAN (WLAN - Wi-Fi 802.11x) or Wireless MAN (WMAN - WiMAX 802.16) connection. Ensure the applicable endpoint and service related requirements contained in the Wireless STIG have been applied to the wireless VVoIP service and endpoints in addition to the applicable VVoIP STIG requirements.

Determine if the site has implemented or supports IP based wireless (802.11x or 802.16) VVoIP endpoints. If so this implies that there is a supporting WLAN and any applicable requirements in the Wireless STIG apply to the wireless VVoIP endpoints and service in addition to those in this checklist.

Obtain a copy of the Wireless SRR or Self-Assessment results and review for compliance. If SRR results are not available, then perform a wireless SRR on a representative number of wireless VVoIP endpoints and on the service.

Areas of primary concern are, but are not limited to the following:
- Is the endpoint an approved endpoint?
- Is the endpoint configured to support the required VVoIP endpoint, registration, authentication, and media/signaling encryption requirements?
- Is the endpoint configured to support the required WLAN access control, authentication, and encryption requirements?

If it is evident the appropriate STIGs have not been applied, this is a finding.

NOTE: Wireless endpoints in this case are typically going to be handheld devices such as a dedicated VVoIP only "cordless phone", a cellular phone with dual cellular and Wi-Fi (possibly including WiMAX) capabilities, or a PDA/PED with a UC soft client installed. However, the endpoints could also be desk phones and some could also support Bluetooth headsets, which are also covered in the Wireless STIG.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments