UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Sufficient backup power must be provided for LAN infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support non-command and control (C2) user accessible endpoints for emergency life safety and security calls.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259926 SRG-VOIP-000460 SV-259926r948772_rule Low
Description
Unified Capabilities (UC) users require different levels of capability depending on command and control needs. Special-C2 decision makers requiring Flash or Flash Override precedence must have eight hours of continuous backup power at all times. C2 users requiring Immediate or Priority precedence must have two hours of continuous backup power. Interrupting any of the routing or switching infrastructures will disrupt VVoIP service. If the infrastructure is interrupted, command and control communications are disrupted, preventing critical communications from occurring. When implementing a VVoIP system without considering uninterruptible power supply (UPS) system power needs for the VVoIP controllers and endpoints as well as the entire LAN, and supporting those needs with UPSs, communications availability is reduced. All elements of the LAN infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints directly supporting users with precedence needs must be provided with sufficient backup power to meet availability requirements. This reduction in availability threatens facility and personal security and safety as well as life safety during a power failure.
STIG Date
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide 2024-03-12

Details

Check Text ( C-63657r946697_chk )
Inspect the VVoIP system design for evidence of continuous backup power to the infrastructure and command and control users.

Verify a UPS system is provided for all parts of the VVoIP infrastructure, including the core Local Session Controller (LSC)/Multifunction Soft Switch (MFSS), adjunct systems providing critical services, SBC, CER, LAN elements, and endpoints as follows:
- All VVoIP system devices, including portions of the LAN that supports non-C2 users, are provided 15 minutes of UPS in support of emergency life safety and security communications during a power failure.
- In no case should a UPS system immediately, or within a short time, drop power to the supported equipment when primary power is removed. This would indicate an undersized or defective UPS unit.

Determine if the infrastructure assets being reviewed support non-C2 users.

If non-C2 users are supported and 15 minutes of backup power is not provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints for emergency life safety and security calls, this is a finding.

NOTE: The requirement for UPS support to non-C2 user communications is negated when these users have an alternate reliable means of communicating in such situations. A suitable alternative would be a policy and standard operating procedure in effect requiring users to evacuate the facility to a location where mobile communications capability is available and acceptable.
Fix Text (F-63564r946698_fix)
Ensure a UPS system is provided for all parts of the VVoIP infrastructure, including the core LSC/MFSS, adjunct systems providing critical services, SBC, CER, LAN elements, and endpoints. All VVoIP system devices, including portions of the LAN supporting non-C2 users, are provided at least 15 minutes of UPS in support of emergency life safety and security communications during a power failure.

NOTE: The 15 minutes of UPS mandated by this requirement is a minimum. Backup times of 30 to 60 minutes are preferred. UPS systems supplying power to infrastructure supporting non-C2 users should also support environmental power to prevent equipment failures.