Enclaves with commercial VoIP connections must be approved by the DODIN Waiver Panel and signed by DOD CIO for a permanent alternate connection to the Internet Telephony Service Provider (ITSP).

Description

<VulnDiscussion>The DOD requires the use of DISN services as the first choice to meet core communications needs. When additional services for SIP trunks are necessary, an ITSP may provide an "alternate connection", but this requires approval by the DODIN Waiver Panel and signature by the DOD CIO. Local ISP connections provide an internet pathway into the DISN, placing the DODIN directly at risk for exploitation. A local ISP connection can circumnavigate DOD protections of the DISN at its boundaries with the internet. Using commercial VoIP service from an ITSP requires the implementation of an internet service provider (ISP) connection, potentially providing a path to the internet. These types of connections must be approved and must meet the requirements in the Network Infrastructure STIG (NET0160) for an Internet Access Point (IAP). ITSP connections may provide SIP trunks terminating on a media gateway, which then provides TDM trunks or POTS lines to traditional non-VoIP PBX, key system, or individual end instrument. ITSP connections terminating in a separate LAN from the enclave's DOD LAN may support a separate VoIP system. This connection type might be used for a small site having a small VoIP system or a few discrete phones dedicated to commercial network calling. Additional guidance for the selection and procurement of telecommunications services is discussed in the DODI 8100.4 "DOD Unified Capabilities (UC)" dated 9 Dec 2010 and the DOD Unified Capabilities Requirements 2013 (UCR 2013) documents.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>