UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The hardware Voice Video Endpoint PC port must maintain VLAN separation from the voice video VLAN, or be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66705 SRG-NET-000057-VVEP-00012 SV-81195r1_rule Medium
Description
VLANs limit the ability for endpoint devices to hear anything on other VLANs. On an enterprise network, VLANs are used to collocate common data types. A VLAN will logically separate and isolate certain traffic from other traffic on the network, whether data, voice, or other. For this reason, VLANs are ideal for separating voice video management, control, and media traffic on an existing data network. The PC port must maintain VLAN separation from voice video traffic as part of a defense-in-depth strategy.
STIG Date
Voice Video Endpoint Security Requirements Guide 2017-01-04

Details

Check Text ( C-67331r1_chk )
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable.

Verify the hardware Voice Video Endpoint PC port maintains VLAN separation from the voice video VLAN or is disabled. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN.

If the hardware Voice Video Endpoint PC port is disabled, this is not a finding. If the hardware Voice Video Endpoint PC port does not maintain VLAN separation from the voice video VLAN, this is a finding.
Fix Text (F-72781r1_fix)
Configure the hardware Voice Video Endpoint PC port to maintain VLAN separation from the voice video VLAN or be disabled.