Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next.

    All residual data (data unintentionally left behind on computer media) must be cleared before transitioning from one period/network to the next. Because the equipment is reused, nondestructive tech...
    Rule Medium Severity
  • The A/B, A/B/C, or A/B/C/D switch within an IP-based VTC system that supports conferences on multiple networks with different classification levels must be based on optical technologies to maintain electrical isolation between the various networks to which it connects.

    The A/B, A/B/C, or A/B/C/D switch is physically connected to multiple networks that have different classification levels. Copper-based switches provide minimal or no electrical isolation due to cap...
    Rule Medium Severity
  • The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be Common Criteria certified.

    Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner...
    Rule Medium Severity
  • An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks with different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections so only one CODEC is powered on or one CODEC is connected to any network at any given time.

    If a VTC system is implemented using multiple CODECs, each connected to a network with a different classification level, along with an A/V switcher, a potential path exists through the CODECs and A...
    Rule Medium Severity
  • The implementation of an IP-based VTC system that supports conferences on multiple networks with different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks with differing classification levels in accordance with CNSSAM TEMPEST/01-13, RED/BLACK Installation Guidance.

    Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnetic signals emanations. Security categories or classifications of informa...
    Rule Medium Severity
  • An inventory of authorized instruments must be documented and maintained in support of the detection of unauthorized instruments connected to the Enterprise Voice, Video, and Messaging system.

    Traditional telephone systems require physical wiring and/or switch configuration changes to add an instrument to the system. This makes it difficult for someone to add unauthorized digital instrum...
    Rule Medium Severity
  • Customers of the DISN VoSIP service must use address blocks assigned by the DRSN/VoSIP PMO.

    Ensure different, dedicated, address blocks or ranges are defined for the VVoIP system within the LAN (Enclave) that are separate from the address blocks/ranges used by the rest of the LAN for non-...
    Rule Low Severity
  • The local Enterprise Voice, Video, and Messaging system must have the capability to place intrasite and local phone calls when network connectivity is severed from the remote centrally located session controller.

    Voice phone services are critical to the effective operation of a business, an office, or in support or control of a DOD mission. It is critical that phone service is available in the event of an e...
    Rule Medium Severity
  • Local commercial phone service must be provided in support of continuity of operations (COOP) and Fire and Emergency Services (FES) communications.

    Voice phone services are critical to the effective operation of the DOD mission. Phone service must be available in an emergency, such as a security breach or life safety event. The ability to place c...
    Rule Medium Severity
  • The required dual-homed DISN Core or NIPRNet access circuits must follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs.

    One way to provide the greatest reliability and availability for DISN services is to provide redundancy in the network pathways between the customer site and the redundant DISN SDNs. The DISN cor...
    Rule Medium Severity
  • Critical network equipment must be redundant and in geographically diverse locations for a site supporting command and control (C2) users.

    The enhanced reliability and availability achieved by the implementation of redundancy and geographic diversity throughout the DISN Core, along with the implementation of dual-homed circuits via ge...
    Rule Low Severity
  • The Fire and Emergency Services (F&ES) communications over a site's private telephone system must provide the originating telephone number to the emergency services answering point or call center through a transfer of Automatic Number Identification (ANI) or Automatic Location Identification (ALI) information.

    The implementation of Enhanced F&ES telecommunications services requires that the emergency services answering point or call center be able to automatically locate the calling party in the event th...
    Rule Medium Severity
  • Eight hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Special-C2 users.

    Unified Capabilities (UC) users require different levels of capability depending on command and control needs. Special-C2 decision makers requiring Flash or Flash Override precedence must have eigh...
    Rule Medium Severity
  • Two hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Immediate or Priority precedence C2 users.

    Unified Capabilities (UC) users require different levels of capability depending upon command and control (C2) needs. Special-C2 decision makers requiring Flash or Flash Override precedence must ha...
    Rule Medium Severity
  • The Session Border Controller (SBC) must be configured to terminate and decrypt inbound and outbound SIP and AS-SIP sessions to ensure proper management for the transition of the SRTP/SRTCP streams.

    The function of the SBC is to manage SIP and AS-SIP signaling messages. To perform its proper function in the enclave boundary, the SBC must decrypt and decode or understand the contents of SIP and...
    Rule Medium Severity
  • The Session Border Controller (SBC) must be configured to only process packets authenticated from an authorized source within the DISN IPVS network.

    The function of the SBC is to manage SIP and AS-SIP signaling messages. The SBC also authenticates SIP and AS-SIP signaling messages, ensuring they are from an authorized source. DOD policy dictate...
    Rule Medium Severity
  • The Session Border Controller (SBC) must be configured to validate the structure and validity of SIP and AS-SIP messages so that malformed messages or messages containing errors are dropped before action is taken on the contents.

    Malformed SIP and AS-SIP messages, as well as messages containing errors, could be an indication that an adversary is attempting some form of attack or denial of service. Such an attack is called f...
    Rule Low Severity
  • The Session Border Controller (SBC) must be configured to manage IP port pinholes for the SRTP/SRTCP bearer streams based on the information in the SIP and AS-SIP messages.

    The function of the SBC is to manage SIP and AS-SIP signaling messages. The SBC also manages the SRTP/SRTCP bearer streams. The DISN IPVS PMO has determined that the SBC will pass the negotiated an...
    Rule Medium Severity
  • The Enterprise Voice, Video, and Messaging system connecting with a DISN IPVS must be configured to signal with a backup Multifunction Soft Switch (MFSS) (or SS) if the primary cannot be reached.

    Redundancy of equipment and associations is used in an IP network to increase the availability of a system. Multiple MFSSs in the DISN NIPRNet IPVS network and multiple SSs in the DISN SIPRNet IPVS...
    Rule Medium Severity
  • The Multifunction Soft Switch (MFSS) must be configured to synchronize with at minimum a paired MFSS and/or others so that each may serve as a backup for the other when signaling with its assigned Local Session Controller (LSC), thus improving the reliability and survivability of the DISN IPVS network.

    MFSSs are critical to the operation of the DISN NIPRNet IPVS network. They broker the establishment of calls between enclaves. An MFSS provides the following functions: - Receives AS-SIP-TLS messa...
    Rule Medium Severity
  • SRG-VOIP-000580

    Group
  • The Enterprise Voice, Video, and Messaging Policy must define operations for endpoint microphones regarding the ability to pick up and transmit sensitive information.

    Microphones used with VTC systems and devices are designed to be extremely sensitive so the voice of anyone speaking anywhere within a conference room is picked up and amplified so they can be hear...
    Rule Medium Severity
  • SRG-VOIP-000120

    Group
  • A Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.

    UC soft clients may be used on a strategic LAN when associated with or part of a CTI application. Traditional computer telephony integration (CTI) encompasses the control of a telephone or telecommun...
    Rule Medium Severity
  • SRG-VOIP-000300

    Group
  • SRG-VOIP-000440

    Group
  • SRG-VOIP-000100

    Group
  • The Enterprise Voice, Video, and Messaging Policy must define operations for VTC and endpoint cameras regarding the ability to pick up and transmit sensitive information.

    Users of conference room or office-based VTC systems and PC-based communications applications that employ a camera must not inadvertently display sensitive or classified information that is not par...
    Rule High Severity
  • SRG-VOIP-000110

    Group
  • SRG-VOIP-000130

    Group
  • An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network.

    Connecting to networks of different classifications simultaneously incurs the risk of data from a higher classification being released to a network of a lower classification, referred to as a "spil...
    Rule High Severity
  • SRG-VOIP-000140

    Group
  • An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds.

    Volatile memory requires power to maintain the stored information. It retains its contents while powered, but when power is interrupted, stored data is immediately lost. Dynamic random-access memor...
    Rule Medium Severity
  • SRG-VOIP-000150

    Group
  • IP-based VTC systems implementing a single CODEC that support conferences on multiple networks with different classification levels must sanitize nonvolatile memory while transitioning between networks by overwriting all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network.

    A factory reset is the software restoration of an electronic device to its original system state by erasing all information stored on the device to restore the device to its original factory or unc...
    Rule Medium Severity
  • SRG-VOIP-000160

    Group
  • SRG-VOIP-000170

    Group
  • An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.

    Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network ...
    Rule Medium Severity
  • SRG-VOIP-000180

    Group
  • SRG-VOIP-000190

    Group
  • The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be TEMPEST certified.

    Committee on National Security Systems Advisory Memorandum (CNSSAM) TEMPEST/01-13, RED/BLACK Installation Guidance, provides criteria for the installation of electronic equipment, cabling, and faci...
    Rule Low Severity
  • SRG-VOIP-000200

    Group
  • SRG-VOIP-000210

    Group
  • SRG-VOIP-000220

    Group
  • Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.

    Speakers used with Voice Video systems and devices may be heard by people and microphones with no relationship to the conference or call in progress. In open areas, conference audio may be overhear...
    Rule Medium Severity
  • SRG-VOIP-000230

    Group
  • SRG-VOIP-000240

    Group
  • SRG-VOIP-000250

    Group
  • Voice networks must not be bridged via a Unified Capability (UC) soft client accessory.

    While a headset, microphone, or webcam can be considered to be UC soft client accessories, these are also accessories for other collaboration and communications applications. This discussion rela...
    Rule Medium Severity
  • SRG-VOIP-000260

    Group
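The two Session Border Controller rules above (drop malformed SIP/AS-SIP before acting on it; open SRTP/SRTCP pinholes only from the information carried in the signaling) are easier to reason about in code. The following is an added example written for this page; it is not DISA, SRG, or vendor code, and the validation policy it encodes (every RFC 3261 mandatory header required, Content-Length required and checked against the body as AS-SIP runs over TLS, only the RTP/SAVP profile admitted, even RTP ports in 1024-65534) is an assumption about local SBC policy, not a quote from the SRG. The SIP messages it checks are constructed test input.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Added example, not DISA or vendor code. Structural SIP/AS-SIP validation first,
# SDP-derived pinholes second; anything malformed is dropped before any action.
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 [1-6]\d\d .*$")
HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9\-]*):[ \t]*(.*)$")
CSEQ = re.compile(r"^\d+ [A-Z]+$")
# RFC 3261 section 8.1.1 mandatory headers; Max-Forwards applies to requests only.
REQUIRED_REQ = ("via", "from", "to", "call-id", "cseq", "max-forwards")
SINGLE_VALUED = ("from", "to", "call-id", "cseq", "max-forwards", "content-length")


class MalformedSIP(ValueError):
    """Anything the SBC must drop before acting on the message."""


@dataclass(frozen=True)
class Pinhole:
    remote_ip: str
    rtp_port: int
    rtcp_port: int


def parse_sip(raw: bytes) -> tuple[dict[str, list[str]], str]:
    """Structural validation only; returns (headers, body) or raises MalformedSIP."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise MalformedSIP("non-ASCII bytes") from exc
    if "\r\n\r\n" not in text:
        raise MalformedSIP("no header/body separator")
    head, body = text.split("\r\n\r\n", 1)
    lines = head.split("\r\n")
    is_request = bool(REQUEST_LINE.match(lines[0]))
    if not is_request and not STATUS_LINE.match(lines[0]):
        raise MalformedSIP(f"bad start line {lines[0]!r}")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        m = HEADER_LINE.match(line)
        if not m:
            raise MalformedSIP(f"bad header line {line!r}")
        headers.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    required = REQUIRED_REQ if is_request else REQUIRED_REQ[:-1]
    if missing := [h for h in required if h not in headers]:
        raise MalformedSIP(f"missing headers {missing}")
    if dup := [h for h in SINGLE_VALUED if len(headers.get(h, [])) > 1]:
        raise MalformedSIP(f"duplicated single-valued headers {dup}")
    if not CSEQ.match(headers["cseq"][0]):
        raise MalformedSIP("bad CSeq")
    if is_request and not headers["max-forwards"][0].isdigit():
        raise MalformedSIP("bad Max-Forwards")
    # Assumed policy: AS-SIP is carried over TLS, so Content-Length is mandatory and
    # must match the body (ASCII decode succeeded, so len(body) is the byte count).
    clen = headers.get("content-length", [""])[0]
    if not clen.isdigit() or int(clen) != len(body):
        raise MalformedSIP("Content-Length absent or does not match body")
    return headers, body


def sdp_pinholes(headers: dict[str, list[str]], body: str) -> list[Pinhole]:
    """Derive SRTP/SRTCP pinholes from the SDP; declined (port 0) streams get none."""
    ctype = headers.get("content-type", [""])[0].split(";")[0].strip().lower()
    if ctype != "application/sdp":
        return []
    session_ip, seen_m, current, holes = None, False, None, []
    for line in body.split("\r\n"):
        if line.startswith("c="):
            parts = line[2:].split()
            if len(parts) != 3 or parts[:2] != ["IN", "IP4"]:
                raise MalformedSIP(f"unsupported c= line {line!r}")
            if not seen_m:
                session_ip = parts[2]          # session-level address
            elif current is not None:          # media-level c= overrides the last m=
                holes[current] = Pinhole(parts[2], holes[current].rtp_port, holes[current].rtcp_port)
        elif line.startswith("m="):
            parts = line[2:].split()
            seen_m, current = True, None
            if len(parts) < 4 or not parts[1].isdigit():
                raise MalformedSIP(f"bad m= line {line!r}")
            port, proto = int(parts[1]), parts[2]
            if port == 0:
                continue                       # stream declined, nothing to open
            if proto != "RTP/SAVP":            # assumed policy: SRTP only, no clear RTP
                raise MalformedSIP(f"non-SRTP profile {proto}")
            if session_ip is None:
                raise MalformedSIP("m= before any c= line")
            if port < 1024 or port > 65534 or port % 2:   # assumed port policy
                raise MalformedSIP(f"RTP port {port} outside policy")
            holes.append(Pinhole(session_ip, port, port + 1))
            current = len(holes) - 1
    return holes


def sbc_admit(raw: bytes) -> list[Pinhole] | None:
    """Pinholes to open for an admitted message, or None if the SBC must drop it."""
    try:
        headers, body = parse_sip(raw)
        return sdp_pinholes(headers, body)
    except MalformedSIP as exc:
        print(f"DROP: {exc}")                  # a real SBC would log this for the SOC
        return None


def build(start: str, headers: list[str], body: str = "") -> bytes:
    """Assemble a constructed test message with a correct Content-Length."""
    return ("\r\n".join([start, *headers, f"Content-Length: {len(body)}"])
            + "\r\n\r\n" + body).encode("ascii")


# Constructed sample traffic (hypothetical hosts and identifiers).
BASE = ["Via: SIP/2.0/TLS 10.1.1.5:5061;branch=z9hG4bK776asdhds", "Max-Forwards: 70",
        "From: <sip:alice@example.mil>;tag=1928301774", "To: <sip:bob@example.mil>",
        "Call-ID: a84b4c76e66710@10.1.1.5", "CSeq: 314159 INVITE", "Content-Type: application/sdp"]
SDP = "\r\n".join(["v=0", "o=alice 2890844526 2890844526 IN IP4 10.1.1.5", "s=-",
                   "c=IN IP4 10.1.1.5", "t=0 0", "m=audio 49170 RTP/SAVP 0",
                   "m=video 0 RTP/SAVP 31"]) + "\r\n"
GOOD_INVITE = build("INVITE sip:bob@example.mil SIP/2.0", BASE, SDP)
CLEAR_RTP = build("INVITE sip:bob@example.mil SIP/2.0", BASE, SDP.replace("RTP/SAVP", "RTP/AVP"))
NO_VIA = build("INVITE sip:bob@example.mil SIP/2.0", BASE[1:], SDP)
BAD_LEN = GOOD_INVITE.replace(b"Content-Length: ", b"Content-Length: 9")  # length now lies
OK_RESP = build("SIP/2.0 200 OK", [BASE[0], *BASE[2:6]])

if __name__ == "__main__":
    for name, msg in [("good", GOOD_INVITE), ("clear-rtp", CLEAR_RTP), ("no-via", NO_VIA),
                      ("bad-len", BAD_LEN), ("200-ok", OK_RESP)]:
        print(name, "->", sbc_admit(msg))
```

The validation deliberately happens before the SDP is touched: a message that fails any structural check never reaches the pinhole logic, which is the ordering the SRG rule asks for. Note that the declined video stream (`m=video 0 ...`) yields no pinhole at all, and that a structurally perfect INVITE offering clear RTP is still dropped, because the bearer policy is a separate check from message well-formedness.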
