I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-VOIP-000550
<GroupDescription></GroupDescription>Group -
The Session Border Controller (SBC) (or similar firewall type device) must deny all packets traversing the enclave boundary (inbound or outbound) through the IP port pinholes opened for VVoIP sessions, except RTP/RTCP, SRTP/SRTCP, or other protocol/flow established by signaling messages.
<VulnDiscussion>Once a pinhole is opened in the enclave boundary for a known session, the packets that are permitted to pass must be managed....Rule High Severity -
SRG-VOIP-000560
<GroupDescription></GroupDescription>Group -
The Session Border Controller (SBC) must be configured to notify system administrators and the information system security officer (ISSO) when attempts to cause a denial of service (DoS) or other suspicious events are detected.
<VulnDiscussion>Action cannot be taken to thwart an attempted DOS or compromise if the system administrators responsible for the operation of...Rule Medium Severity -
SRG-VOIP-000570
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging system connecting with a DISN IPVS must be configured to signal with a backup Multifunction Soft Switch (MFSS) (or SS) if the primary cannot be reached.
<VulnDiscussion>Redundancy of equipment and associations is used in an IP network to increase the availability of a system. Multiple MFSSs in...Rule Medium Severity -
SRG-VOIP-000580
<GroupDescription></GroupDescription>Group -
The Multifunction Soft Switch (MFSS) must be configured to synchronize with at minimum a paired MFSS and/or others so that each may serve as a backup for the other when signaling with its assigned Local Session Controller (LSC), thus improving the reliability and survivability of the DISN IPVS network.
<VulnDiscussion>MFSSs are critical to the operation of the DISN NIPRNet IPVS network. They broker the establishment of calls between enclaves...Rule Medium Severity -
SRG-VOIP-000590
<GroupDescription></GroupDescription>Group -
A MAC Authentication Bypass policy must be implemented for 802.1x unsupported devices that connect to the Enterprise Voice, Video, and Messaging system.
<VulnDiscussion>MAC Authentication Bypass (MAB) is not a sufficient stand-alone authentication mechanism for non-802.1x supplicant endpoints....Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.