Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be TEMPEST certified.
Committee on National Security Systems Advisory Memorandum (CNSSAM) TEMPEST/01-13, RED/BLACK Installation Guidance, provides criteria for the installation of electronic equipment, cabling, and faci...Rule Low Severity -
SRG-VOIP-000200
Group -
SRG-VOIP-000210
Group -
SRG-VOIP-000220
Group -
Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.
Speakers used with Voice Video systems and devices may be heard by people and microphones with no relationship to the conference or call in progress. In open areas, conference audio may be overhear...Rule Medium Severity -
SRG-VOIP-000230
Group -
SRG-VOIP-000240
Group -
SRG-VOIP-000250
Group -
Voice networks must not be bridged via a Unified Capability (UC) soft client accessory.
While a headset, microphone, or webcam can be considered to be UC soft client accessories, these are also accessories for other collaboration and communications applications. This discussion rela...Rule Medium Severity -
SRG-VOIP-000260
Group -
When soft-phones are implemented as the primary voice endpoint in the user's workspace, a policy must be defined to supplement with physical hardware-based phones near all such workspaces.
This and several other requirements discuss the implementation of PC soft-phones or UC applications as the primary and only communications device in the user's workspace. While this degrades the ...Rule Medium Severity -
SRG-VOIP-000270
Group -
Implementing Unified Capabilities (UC) soft clients as the primary voice endpoint must have authorizing official (AO) approval.
The AO responsible for the implementation of a voice system that uses UC soft clients for its endpoints must be made aware of the risks and benefits. In addition, the commander of an organization w...Rule Medium Severity -
SRG-VOIP-000280
Group -
Deploying Unified Capabilities (UC) soft clients on DOD networks must have authorizing official (AO) approval.
This use case addresses situations in which UC soft client applications on workstations are not the primary voice communications device in the work area. This means there is a validated mission nee...Rule Medium Severity -
SRG-VOIP-000290
Group -
SRG-VOIP-000310
Group -
The LAN hardware supporting VVoIP services must provide redundancy to support command and control (C2) assured services and Fire and Emergency Services (FES) communications.
Voice services in support of high-priority military command and control precedence must meet minimum requirements for reliability and survivability of the supporting infrastructure. Design requirem...Rule Medium Severity -
SRG-VOIP-000320
Group -
The LAN hardware supporting VVoIP services must provide physically diverse pathways for redundant links supporting command and control (C2) assured services and Fire and Emergency Services (FES) communications.
Voice services in support of high-priority military command and control precedence must meet minimum requirements for reliability and survivability of the supporting infrastructure. Design requirem...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.