Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-43035 | RTS-VTC 1240 | SV-55764r1_rule | ECCT-1 ECNK-1 ECSC-1 | Medium |
Description |
---|
An IP/H.323-based VTC system as a whole (including CODECs, MCUs, Gatekeepers, Gateways, firewall traversal border elements, etc.) must implement H.235-based signaling encryption. H.235 has been developed to help secure the signaling protocols used in the H.323 suite of protocols. H.235 uses the Advanced Encryption Standard (AES) for encryption and the Diffie-Hellman key exchange protocol for key exchange. AES is supported under H.235 version 3. Technical details of H.235 are set forth in the ITU-T Recommendation H.235.6 (2005), H.323 security: Voice encryption profile with native H.235/H.245 key management. |
STIG | Date |
---|---|
Video Services Policy STIG | 2015-02-05 |
Check Text ( C-49187r3_chk ) |
---|
Review the documentation to determine that the VTC equipment supports H.235-based signaling encryption and review configuration of the equipment to verify that it is being implemented. If the equipment does not support H.235-based signaling encryption or it has not been implemented, this is a finding. |
Fix Text (F-48617r2_fix) |
---|
Obtain equipment that supports H.235-based signaling encryption and configure the equipment to implement encryption. |