The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must be TEMPEST certified.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-43023	RTS-VTC 7160	SV-55752r1_rule	ECTC-1	Low

Description
National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST-2-95 and other similar documents provide the requirements and installation guidelines for systems and facilities processing National Security Information (NSI). A Certified TEMPEST Technical Authority (CTTA) is a certified individual who has been appointed by a U.S. Government department or agency to fulfill CTTA responsibilities. National policy requires that certain systems and facilities that process NSI must be reviewed by a CTTA. The CTTA will consider a variety of methods that can be applied to the system/facility to achieve TEMPEST security. The RED/BLACK guidance contained in TEMPEST-2-95 will be considered by the CTTA along with other measures (e.g., TEMPEST Zoning, TEMPEST suppressed equipment and shielding) to determine the most cost-effective countermeasures to achieve TEMPEST security. Only those RED/BLACK criteria specifically identified by the CTTA will be implemented. DISN Video Services (DVS) maintains a list of A/B switches and dial isolators that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls.

Description

National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST-2-95 and other similar documents provide the requirements and installation guidelines for systems and facilities processing National Security Information (NSI). A Certified TEMPEST Technical Authority (CTTA) is a certified individual who has been appointed by a U.S. Government department or agency to fulfill CTTA responsibilities. National policy requires that certain systems and facilities that process NSI must be reviewed by a CTTA. The CTTA will consider a variety of methods that can be applied to the system/facility to achieve TEMPEST security. The RED/BLACK guidance contained in TEMPEST-2-95 will be considered by the CTTA along with other measures (e.g., TEMPEST Zoning, TEMPEST suppressed equipment and shielding) to determine the most cost-effective countermeasures to achieve TEMPEST security. Only those RED/BLACK criteria specifically identified by the CTTA will be implemented. DISN Video Services (DVS) maintains a list of A/B switches and dial isolators that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls.

STIG	Date
Video Teleconference STIG	2014-02-11

Details

Check Text ( C-49180r7_chk )
Review the documentation to verify whether the A/B, A/B/C, or A/B/C/D switch is TEMPEST certified. DISN Video Services (DVS) maintains a list of A/B, A/B/C, or A/B/C/D switches that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls. Alternately, review TEMPEST certification documentation provided by a CTTA or the vendor. If the A/B, A/B/C, or A/B/C/D switch is not on the list, or satisfactory documentation is not provided, this is a finding.

Check Text ( C-49180r7_chk )

Review the documentation to verify whether the A/B, A/B/C, or A/B/C/D switch is TEMPEST certified. DISN Video Services (DVS) maintains a list of A/B, A/B/C, or A/B/C/D switches that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls.
Alternately, review TEMPEST certification documentation provided by a CTTA or the vendor.
If the A/B, A/B/C, or A/B/C/D switch is not on the list, or satisfactory documentation is not provided, this is a finding.

Fix Text (F-48607r1_fix)
Obtain and install a TEMPEST certified A/B, A/B/C, or A/B/C/D switch.