I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-VOIP-000200
<GroupDescription></GroupDescription>Group -
An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks with different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections so only one CODEC is powered on or one CODEC is connected to any network at any given time.
<VulnDiscussion>If a VTC system is implemented using multiple CODECs, each connected to a network with a different classification level, alon...Rule Medium Severity -
SRG-VOIP-000210
<GroupDescription></GroupDescription>Group -
The implementation of an IP-based VTC system that supports conferences on multiple networks with different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks with differing classification levels in accordance with CNSSAM TEMPEST/01-13, RED/BLACK Installation Guidance.
<VulnDiscussion>Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnet...Rule Medium Severity -
SRG-VOIP-000220
<GroupDescription></GroupDescription>Group -
Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.
<VulnDiscussion>Speakers used with Voice Video systems and devices may be heard by people and microphones with no relationship to the confere...Rule Medium Severity -
SRG-VOIP-000230
<GroupDescription></GroupDescription>Group -
An inventory of authorized instruments must be documented and maintained in support of the detection of unauthorized instruments connected to the Enterprise Voice, Video, and Messaging system.
<VulnDiscussion>Traditional telephone systems require physical wiring and/or switch configuration changes to add an instrument to the system....Rule Medium Severity -
SRG-VOIP-000240
<GroupDescription></GroupDescription>Group -
Customers of the DISN VoSIP service must use address blocks assigned by the DRSN/VoSIP PMO.
<VulnDiscussion>Ensure different, dedicated, address blocks or ranges are defined for the VVoIP system within the LAN (Enclave) that are sepa...Rule Low Severity -
SRG-VOIP-000250
<GroupDescription></GroupDescription>Group -
Voice networks must not be bridged via a Unified Capability (UC) soft client accessory.
<VulnDiscussion>While a headset, microphone, or webcam can be considered to be UC soft client accessories, these are also accessories for oth...Rule Medium Severity -
SRG-VOIP-000260
<GroupDescription></GroupDescription>Group -
When soft-phones are implemented as the primary voice endpoint in the user's workspace, a policy must be defined to supplement with physical hardware-based phones near all such workspaces.
<VulnDiscussion>This and several other requirements discuss the implementation of PC soft-phones or UC applications as the primary and only c...Rule Medium Severity -
SRG-VOIP-000270
<GroupDescription></GroupDescription>Group -
Implementing Unified Capabilities (UC) soft clients as the primary voice endpoint must have authorizing official (AO) approval.
<VulnDiscussion>The AO responsible for the implementation of a voice system that uses UC soft clients for its endpoints must be made aware of...Rule Medium Severity -
SRG-VOIP-000280
<GroupDescription></GroupDescription>Group -
Deploying Unified Capabilities (UC) soft clients on DOD networks must have authorizing official (AO) approval.
<VulnDiscussion>This use case addresses situations in which UC soft client applications on workstations are not the primary voice communicati...Rule Medium Severity -
SRG-VOIP-000290
<GroupDescription></GroupDescription>Group -
A Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.
<VulnDiscussion>UC soft clients may be used on a strategic LAN when associated with or part of a CTI application. Traditional computer teleph...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.