III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
SRG-VOIP-000100 (Group)
Rule (High Severity): The Enterprise Voice, Video, and Messaging Policy must define operations for VTC and endpoint cameras regarding the ability to pick up and transmit sensitive information.
Vulnerability discussion: Users of conference room or office-based VTC systems and PC-based communications applications that employ a camera must not i...

SRG-VOIP-000110 (Group)
Rule (Medium Severity): The Enterprise Voice, Video, and Messaging Policy must define operations for endpoint microphones regarding the ability to pick up and transmit sensitive information.
Vulnerability discussion: Microphones used with VTC systems and devices are designed to be extremely sensitive so the voice of anyone speaking anywhere...

SRG-VOIP-000120 (Group)
Rule (Medium Severity): An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next.
Vulnerability discussion: All residual data (data unintentionally left behind on computer media) must be cleared before transitioning from one period/n...

SRG-VOIP-000130 (Group)
Rule (High Severity): An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network.
Vulnerability discussion: Connecting to networks of different classifications simultaneously incurs the risk of data from a higher classification being...

SRG-VOIP-000140 (Group)
Rule (Medium Severity): An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds.
Vulnerability discussion: Volatile memory requires power to maintain the stored information. It retains its contents while powered, but when power is i...

SRG-VOIP-000150 (Group)
Rule (Medium Severity): IP-based VTC systems implementing a single CODEC that support conferences on multiple networks with different classification levels must sanitize nonvolatile memory while transitioning between networks by overwriting all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network.
Vulnerability discussion: A factory reset is the software restoration of an electronic device to its original system state by erasing all information s...

SRG-VOIP-000160 (Group)
Rule (Medium Severity): The A/B, A/B/C, or A/B/C/D switch within an IP-based VTC system that supports conferences on multiple networks with different classification levels must be based on optical technologies to maintain electrical isolation between the various networks to which it connects.
Vulnerability discussion: The A/B, A/B/C, or A/B/C/D switch is physically connected to multiple networks that have different classification levels. Cop...

SRG-VOIP-000170 (Group)
Rule (Medium Severity): An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.
Vulnerability discussion: Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration info...

SRG-VOIP-000180 (Group)
Rule (Medium Severity): The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be Common Criteria certified.
Vulnerability discussion: Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security p...

SRG-VOIP-000190 (Group)
Rule (Low Severity): The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be TEMPEST certified.
Vulnerability discussion: Committee on National Security Systems Advisory Memorandum (CNSSAM) TEMPEST/01-13, RED/BLACK Installation Guidance, provides ...

SRG-VOIP-000200 (Group)
Rule (Medium Severity): An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks with different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections so only one CODEC is powered on or one CODEC is connected to any network at any given time.
Vulnerability discussion: If a VTC system is implemented using multiple CODECs, each connected to a network with a different classification level, alon...

SRG-VOIP-000210 (Group)
Rule (Medium Severity): The implementation of an IP-based VTC system that supports conferences on multiple networks with different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks with differing classification levels in accordance with CNSSAM TEMPEST/01-13, RED/BLACK Installation Guidance.
Vulnerability discussion: Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnet...

SRG-VOIP-000220 (Group)
Rule (Medium Severity): Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.
Vulnerability discussion: Speakers used with Voice Video systems and devices may be heard by people and microphones with no relationship to the confere...

SRG-VOIP-000230 (Group)
Rule (Medium Severity): An inventory of authorized instruments must be documented and maintained in support of the detection of unauthorized instruments connected to the Enterprise Voice, Video, and Messaging system.
Vulnerability discussion: Traditional telephone systems require physical wiring and/or switch configuration changes to add an instrument to the system....

SRG-VOIP-000240 (Group)
Rule (Low Severity): Customers of the DISN VoSIP service must use address blocks assigned by the DRSN/VoSIP PMO.
Vulnerability discussion: Ensure different, dedicated address blocks or ranges are defined for the VVoIP system within the LAN (Enclave) that are sepa...

SRG-VOIP-000250 (Group)
Rule (Medium Severity): Voice networks must not be bridged via a Unified Capability (UC) soft client accessory.
Vulnerability discussion: While a headset, microphone, or webcam can be considered to be UC soft client accessories, these are also accessories for oth...

SRG-VOIP-000260 (Group)
Rule (Medium Severity): When soft-phones are implemented as the primary voice endpoint in the user's workspace, a policy must be defined to supplement with physical hardware-based phones near all such workspaces.
Vulnerability discussion: This and several other requirements discuss the implementation of PC soft-phones or UC applications as the primary and only c...

SRG-VOIP-000270 (Group)
Rule (Medium Severity): Implementing Unified Capabilities (UC) soft clients as the primary voice endpoint must have authorizing official (AO) approval.
Vulnerability discussion: The AO responsible for the implementation of a voice system that uses UC soft clients for its endpoints must be made aware of...

SRG-VOIP-000280 (Group)
Rule (Medium Severity): Deploying Unified Capabilities (UC) soft clients on DOD networks must have authorizing official (AO) approval.
Vulnerability discussion: This use case addresses situations in which UC soft client applications on workstations are not the primary voice communicati...

SRG-VOIP-000290 (Group)
Rule (Medium Severity): A Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.
Vulnerability discussion: UC soft clients may be used on a strategic LAN when associated with or part of a CTI application. Traditional computer teleph...

SRG-VOIP-000300 (Group)
Rule (Medium Severity): The local Enterprise Voice, Video, and Messaging system must have the capability to place intrasite and local phone calls when network connectivity is severed from the remote centrally located session controller.
Vulnerability discussion: Voice phone services are critical to the effective operation of a business, an office, or in support or control of a DOD miss...

SRG-VOIP-000310 (Group)
Rule (Medium Severity): The LAN hardware supporting VVoIP services must provide redundancy to support command and control (C2) assured services and Fire and Emergency Services (FES) communications.
Vulnerability discussion: Voice services in support of high-priority military command and control precedence must meet minimum requirements for reliabi...

SRG-VOIP-000320 (Group)
Rule (Medium Severity): The LAN hardware supporting VVoIP services must provide physically diverse pathways for redundant links supporting command and control (C2) assured services and Fire and Emergency Services (FES) communications.
Vulnerability discussion: Voice services in support of high-priority military command and control precedence must meet minimum requirements for reliabi...

SRG-VOIP-000330 (Group)
Rule (Medium Severity): The site's enclave boundary protection must route commercial VoIP traffic via a local Media Gateway (MG) connected to a commercial service provider using PRI, CAS, or POTS analog trunks.
Vulnerability discussion: There are several reasons VVoIP system access to local voice services must use a locally implemented MG connected to commerci...

SRG-VOIP-000340 (Group)
Rule (Medium Severity): Local commercial phone service must be provided in support of continuity of operations (COOP) and Fire and Emergency Services (FES) communications.
Vulnerability discussion: Voice phone services are critical to the effective operation of the DOD mission. Phone service must be available in an emergency...