UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Enterprise Voice, Video, and Messaging system connecting with a DISN IPVS must be configured to signal with a backup Multifunction Soft Switch (MFSS) (or SS) if the primary cannot be reached.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259937 SRG-VOIP-000570 SV-259937r948784_rule Medium
Description
Redundancy of equipment and associations is used in an IP network to increase the availability of a system. Multiple MFSSs in the DISN NIPRNet IPVS network and multiple SSs in the DISN SIPRNet IPVS network have been implemented to provide networkwide redundancy of their functions. They are intended to work in pairs so that one can provide its backbone services to multiple LSCs that are configured to use one as a primary and the other as a backup. This is necessary to the maintenance of backbone functionality in the event there is a circuit (network path) failure, an MFSS or SS failure, or one of the sites housing an MFSS or SS is lost or the MFSS or SS becomes unavailable. Based on this, when establishing a call on the WAN, each LSC must be configured to signal with a backup MFSS or SS in the event it cannot reach its primary.
STIG Date
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide 2024-03-12

Details

Check Text ( C-63668r946730_chk )
Inspect the configurations of the LSC(s) to determine compliance with the requirement.

If the LSC(s) are not configured to signal with a backup MFSS (or SS) in the event the primary cannot be reached, this is a finding.
Fix Text (F-63575r948783_fix)
If the Enterprise Voice, Video, and Messaging system connects to the DISN WAN for VVoIP transport between enclaves AND the system is intended to provide assured service communications to any level of command control (C2) user (Special-C2, C2, C2(R)), ensure each enclave containing one or more LSCs is assigned to, associated with, or serviced by two DISN IPVS core backbone systems as follows:
- For DISN NIPRNet IPVS, each enclave will be serviced by at least one primary and one secondary (backup) MFSS.
- For DISN SIPRNet IPVS, each enclave will be serviced by at least one primary and one secondary SS at the SIPRNet tier 0 routers.