The hardware Voice Video Endpoint must use Media Access Control Security (MACsec) to protect the confidentiality and integrity of transmitted information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66697	SRG-NET-000371-VVEP-00008	SV-81187r2_rule		Medium

Description
Media Access Control Security is an industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. MACsec is standardized in IEEE 802.1AE. MACsec can be used in combination with other security protocols such as IP Security (IPsec) and Secure Sockets Layer (SSL) to provide end-to-end network security. Without protection of the transmitted information, confidentiality and integrity may be compromised as unprotected communications can be intercepted and either read or altered. MACsec protects hardware endpoints during registration, authentication, and media streaming that often involve unsecured protocols, ensuring data integrity and confidentiality is maintained.

Description

Media Access Control Security is an industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. MACsec is standardized in IEEE 802.1AE. MACsec can be used in combination with other security protocols such as IP Security (IPsec) and Secure Sockets Layer (SSL) to provide end-to-end network security. Without protection of the transmitted information, confidentiality and integrity may be compromised as unprotected communications can be intercepted and either read or altered. MACsec protects hardware endpoints during registration, authentication, and media streaming that often involve unsecured protocols, ensuring data integrity and confidentiality is maintained.

STIG	Date
Voice Video Endpoint Security Requirements Guide	2016-06-24

Details

Check Text ( C-67323r1_chk )
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint uses MACsec to protect the confidentiality and integrity of transmitted information. If the hardware Voice Video Endpoint does not implement MACsec to protect the confidentiality and integrity of transmitted information, this is a finding.

Fix Text (F-72773r1_fix)
Configure the hardware Voice Video Endpoint to implement MACsec to protect the confidentiality and integrity of transmitted information.