I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-VOIP-000400
<GroupDescription></GroupDescription>Group -
The Fire and Emergency Services (FES) communications over a site's telephone system must be configured to support the Department of Defense Instruction (DODI) 6055.06 telecommunication capabilities.
<VulnDiscussion>Emergency communications must include requests for fire, police, and medical assistance. In DOD, these communications can als...Rule Medium Severity -
SRG-VOIP-000410
<GroupDescription></GroupDescription>Group -
The Fire and Emergency Services (F&ES) communications over a site's private telephone system must provide the originating telephone number to the emergency services answering point or call center through a transfer of Automatic Number Identification (ANI) or Automatic Location Identification (ALI) information.
<VulnDiscussion>The implementation of Enhanced F&ES telecommunications services requires that the emergency services answering point or c...Rule Medium Severity -
SRG-VOIP-000420
<GroupDescription></GroupDescription>Group -
The Fire and Emergency Services (F&ES) communications over a site's private telephone system must provide a direct callback telephone number and physical location of an F&ES caller to the emergency services answering point or call center through a transfer of Automatic Number Identification (ANI) and extended Automatic Location Identification (ALI) information or access to an extended ALI database.
<VulnDiscussion>Under Federal Communication Commission (FCC) rules and the laws of some states, the implementation of Enhanced F&ES telec...Rule Medium Severity -
SRG-VOIP-000430
<GroupDescription></GroupDescription>Group -
The Fire and Emergency Services (F&ES) communications over a site's private telephone system must route emergency calls as a priority call in a nonblocking manner.
<VulnDiscussion>When calling the designated F&ES telephone number, the call must go through regardless of the state of other calls in the...Rule Medium Severity -
SRG-VOIP-000440
<GroupDescription></GroupDescription>Group -
Eight hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Special-C2 users.
<VulnDiscussion>Unified Capabilities (UC) users require different levels of capability depending on command and control needs. Special-C2 dec...Rule Medium Severity -
SRG-VOIP-000450
<GroupDescription></GroupDescription>Group -
Two hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Immediate or Priority precedence C2 users.
<VulnDiscussion>Unified Capabilities (UC) users require different levels of capability depending upon command and control (C2) needs. Special...Rule Medium Severity -
SRG-VOIP-000460
<GroupDescription></GroupDescription>Group -
Sufficient backup power must be provided for LAN infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support non-command and control (C2) user accessible endpoints for emergency life safety and security calls.
<VulnDiscussion>Unified Capabilities (UC) users require different levels of capability depending on command and control needs. Special-C2 dec...Rule Low Severity -
SRG-VOIP-000470
<GroupDescription></GroupDescription>Group -
The Session Border Controller (SBC) must filter inbound SIP and AS-SIP traffic based on the IP addresses of the internal Enterprise Session Controller (ESC), Local Session Controller (LSC), or Multifunction Soft Switch (MFSS).
<VulnDiscussion>The SBC is in the VVoIP signaling between the LSC and MFSS. To limit exposure to compromise and denial of service, the SBC mu...Rule Medium Severity -
SRG-VOIP-000480
<GroupDescription></GroupDescription>Group -
The Session Border Controller (SBC) must be configured to terminate and decrypt inbound and outbound SIP and AS-SIP sessions to ensure proper management for the transition of the SRTP/SRTCP streams.
<VulnDiscussion>The function of the SBC is to manage SIP and AS-SIP signaling messages. To perform its proper function in the enclave boundar...Rule Medium Severity -
SRG-VOIP-000490
<GroupDescription></GroupDescription>Group -
The Session Border Controller (SBC) must be configured to only process packets authenticated from an authorized source within the DISN IPVS network.
<VulnDiscussion>The function of the SBC is to manage SIP and AS-SIP signaling messages. The SBC also authenticates SIP and AS-SIP signaling m...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.