
An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-259897 | SRG-VOIP-000170 | SV-259897r956911_rule | | Medium |
Description
Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session.
| STIG | Date |
| --- | --- |
| Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2024-03-12 |

Details

Check Text (C-63628r946610_chk)
Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following:

- The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured.
- The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network.

Alternately, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured.

If none of these procedures is being followed, this is a finding.
Fix Text (F-63535r946611_fix)
Do one of the following:

- Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another.
- Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network.
- If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network.