UCF STIG Viewer Logo

ECVI-1 Voice-over-IP (VoIP) Protection


Voice over Internet Protocol (VoIP) traffic to and from workstation IP telephony clients that are independently configured by end users for personal use is prohibited within DoD information systems. Both inbound and outbound individually configured voice over IP traffic is blocked at the enclave boundary. Note: This does not include VoIP services that are configured by a DoD AIS application or enclave to perform an authorized and official function.

MAC / CONF Impact Subject Area
Medium Enclave Computing Environment


VoIP technology improves productivity through enhanced voice services for the DOD, but these services increase the risk in exposing government information systems to security vulnerabilities especially if configured independently by end users.  VoIP vulnerabilities are mitigated when authorized personnel configure the services.

1. The VoIP supported network must be designed, implemented, and operated in a secure manner, providing end-to-end security from the VoIP terminal device to the VoIP applications required for operation, including applicable host platforms and associated support software.
2. The IAO shall ensure that VoIP systems are approved by the DAA before they are installed and/or used to store, process, or transmit DOD information.
3. The IAO shall ensure that VoIP systems are compliant with overall network security architecture and appropriate enclave security requirements.
4. The IAO shall ensure that VoIP devices are added to site System Security Authorization Agreements.


  • CJCSM 6510.10, Defense-In-Depth: Information Assurance (IA) and Computer Network Defense (CND), 15 March 2002
  • CJCSI - Policy for Department of Defense (DOD) Voice Networks With Real Time Services
  • DISA Instruction 630-230-19, Security Requirements for Automated Information Systems, 09 July 1996
  • DISA Computer Services Security Handbook, Version 3. 1 December 2000
  • DISA, Voice Over Internet Protocol (VOIP), STIG, Version 1, Release 1, 13 January 2004
  • DISA Defense Switched Network STIG, Version 1, Release 1, 12 March 2003
  • DISA Network Infrastructure STIG, Version 5, Release 2, 29 September 2003
  • Addendum to the NSA Guide to Securing Microsoft Windows NT Networks and NSA Guides to Securing Windows 2000, Version 43 (to match NSA Guide), Release 1, 26 November 2002
  • DISA Unix STIG, Version 4, Release 4, 15 September 2003
  • DISA Enclave Security STIG, Version 1, Release 1, 30 March 2001
  • Army Regulation 380-19, Information Systems Security, 27 February 1998
  • Air Force Instruction 33-111, Telephone Systems Management, 01 June 2001
  • Secretary of the Navy Instruction 5239.3, Department of the Navy Automated Information Systems Security Program, 14 July 1995
  • Navy Staff Office Publication 5239-15, Controlled Access Protection Guidebook, August 1992
  • NIST Security Considerations for Voice Over IP Systems, January 2003.   NSTISSP 101, National Policy on Securing Voice Communications, 14 September 1999