Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • The Session Border Controller (SBC) must drop all SIP and AS-SIP packets except those secured with TLS.

    <VulnDiscussion>DISN NIPRNet IPVS PMO and the Unified Capabilities Requirements (UCR) require all session signaling across the DISN WAN and b...
    Rule Medium Severity
  • SRG-VOIP-000530

    <GroupDescription></GroupDescription>
    Group
  • The Session Border Controller (SBC) must be configured to manage IP port pinholes for the SRTP/SRTCP bearer streams based on the information in the SIP and AS-SIP messages.

    &lt;VulnDiscussion&gt;The function of the SBC is to manage SIP and AS-SIP signaling messages. The SBC also manages the SRTP/SRTCP bearer streams. T...
    Rule Medium Severity
  • SRG-VOIP-000540

    <GroupDescription></GroupDescription>
    Group
  • The Session Border Controller (SBC) (or similar firewall type device) must perform stateful inspection and packet authentication for all VVoIP traffic (inbound and outbound) and deny all other packets.

    &lt;VulnDiscussion&gt;Once a pinhole is opened in the enclave boundary for a known session, the packets that are permitted to pass must be managed....
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules