UCF STIG Viewer Logo

UN-authorized VVoIP instruments are registered with the LSC and are operational


Overview

Finding ID Version Rule ID IA Controls Severity
V-19446 VVoIP 1515 (GENERAL) SV-21497r1_rule Medium
Description
It is critical to the security of the system that all IPT / VoIP end instruments be authorized to connect to and use the system. Only authorized instruments should be configured in the system controller and therefore allowed to operate. Unauthorized instruments could lead to system abuse.
STIG Date
VOICE and VIDEO over INTERNET PROTOCOL (VVoIP) POLICY SECURITY TECHNICAL IMPLEMENTATION GUIDE 2010-08-17

Details

Check Text ( C-23716r1_chk )
Interview the IAO to validate compliance with the following requirement:
Ensure the VVoIP system only registers pre-authorized (e.g., pre-configured) instruments or endpoints.
NOTE: During auto-registration, This can be through an automated authorization process if available or by comparing the registration logs to the required and documented inventory of authorized instruments following any usage of auto-registration.
NOTE: Preauthorization occurs when the endpoint is pre-configured or provisioned in the LSC. The endpoint may also require pre-configuration or authorization prior to, or during deployment.

This is a finding if there are instruments registered with the LSC that are not authorized and/or that do not appear on the required inventory of authorized instruments.

Fix Text (F-20191r1_fix)
Configure the system to only register authorized VVoIP instruments.