Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-259897 | SRG-VOIP-000170 | SV-259897r956911_rule | Medium |
Description |
---|
Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session. |
STIG | Date |
---|---|
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2024-03-12 |
Check Text ( C-63628r946610_chk ) |
---|
Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following: - The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured. - The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network. Alternately, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured. If none of these procedures is being followed, this is a finding. |
Fix Text (F-63535r946611_fix) |
---|
Do one of the following: - Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another. - Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network. - If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network. |