Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19500 | VVoIP 5100 (LAN) | SV-21562r1_rule | ECSC-1 | Low |
Description |
---|
• The traditional circuit switched telecommunications network is in general highly available and highly reliable, on the order of 5 9s (99.999% uptime) reliability for the equipment and an aggregate of 2 to 3 9s for the entire system and its provided services. This is achieved through a series of measures such as redundant hardware and network connectivity as well as backup power for the central switching equipment, which also provides power for the subscriber instruments. • The traditional circuit switched telecommunications network supports routine communications, emergency communications, and high priority military command and control communications. Military telecommunications systems support various user types: Special-C2, C2, C2-Routine (C2R), Non-C2, and administrative. C2 and Special-C2 users require higher levels of reliability and availability than do the rest. • As these services migrate from circuit switched technologies to packet switched IP based technologies, this reliability and support is expected to and must migrate with the service. • Similar measures are used to enhance the reliability and availability of VVoIP services on an IP network as are used in a circuit switched network. NOTE: From CJCSI 6215.01C, Appendix A, Enclosure C: the availability requirement for equipment/software serving C2 users that are authorized to originate Routine ONLY (C2R) and non-C2 users is 0.999. While this also states that no uninterruptible power supply is required (as a cost savings), all equipment and instruments in a VVoIP system should be provided with backup power in support of emergency, security, and life safety related communications. Also from the UCR, 5.3.1.7.3.1 Voice Services: 1. Voice IP subscribers do not exceed more than 25 percent of available bandwidth (in LAN equipment and links). 2. No single point of failure within the ASLAN can cause a voice service outage to more than 96 users. 5.3.1.7.3.3 Data Services: The LAN will be engineered for a ratio of 25 percent voice, 25 percent video, and 50 percent data. Data traffic can burst up to the full link capacity if voice and video are not present. |
STIG | Date |
---|---|
Voice / Video Services Policy STIG | 2015-07-01 |
Check Text ( C-23780r1_chk ) |
---|
Interview the IAO to confirm compliance with the following requirement: Ensure any LAN that supports VVoIP services is designed and implemented to provide enhanced reliability, availability, and bandwidth for those services. Review the network diagrams and design information to determine if the LAN is designed to provide the required enhanced reliability and availability for the supported VVoIP services. Specific attention should be given in the areas of: - Bandwidth and traffic engineering (25% voice, 25% video, 50% data) - No single points of failure affecting service to greater than 96 instruments - Equipment reliability - Equipment redundancy above the access layer - Equipment robustness and bandwidth capability - Connection redundancy above the access layer - Connection bandwidth capability - Access layer switch size / number of phones served - Backup power for all equipment. NOTE: Voice bandwidth engineering is based on 102 kbps (each direction) for each IP call for IPv4 and 110.0 kbps for IPv6. Video bandwidth engineering is not so simple since, when present, a single video stream can utilize 160 kbps to 7.5 Mbps in addition to any audio stream. See the UCR for details. This is a finding in the event the design is generally deficient in these areas. NOTE: This check is not intended to initiate an in-depth analysis of the network design. If the LAN is not properly designed, it should be easily discerned because many of the criteria will not be met unless the LAN was already designed for high reliability and availability before adding VVUC services. If VoIP is added to a basic LAN infrastructure that has not been properly designed, the service will not be reliable. |
Fix Text (F-20216r1_fix) |
---|
Ensure the LAN that supports VVoIP services is designed and implemented to provide enhanced reliability and availability for those services. Redesign and upgrade the LAN infrastructure as necessary to meet requirements. Specific attention should be given in the areas of: - Bandwidth and traffic engineering (25% voice, 25% video, 50% data) - No single points of failure affecting service to greater than 96 instruments - Equipment reliability - Equipment redundancy above the access layer - Equipment robustness and bandwidth capability - Connection redundancy above the access layer - Connection bandwidth capability - Access layer switch size / number of phones served - Backup power for all equipment. NOTE: Voice bandwidth engineering is based on 102 kbps (each direction) for each IP call for IPv4 and 110.0 kbps for IPv6. Video bandwidth engineering is not so simple since, when present, a single video stream can utilize 160 kbps to 7.5 Mbps in addition to any audio stream. See the UCR for details. |
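
The quantitative criteria in the check and fix text (25% voice share, 102/110 kbps per call, no single failure affecting more than 96 instruments) can be tested against a design with a short script. The following is an added example, not part of the STIG or UCR; the topology, the node names, and the rule that a phone is out of service when its access switch cannot reach the `callctl` node are assumptions made for illustration.

```python
from collections import deque

VOICE_SHARE = 0.25                              # voice limited to 25% of link bandwidth
KBPS_PER_CALL = {"ipv4": 102.0, "ipv6": 110.0}  # per direction, per the check text
MAX_SPOF = 96                                   # instruments one failure may take down

def max_calls(link_kbps, ip="ipv4"):
    """Concurrent calls that fit in the voice share of a full-duplex link (assumed)."""
    return int(link_kbps * VOICE_SHARE // KBPS_PER_CALL[ip])

def reachable(links, root, dead_node=None, dead_link=None):
    """Nodes still reachable from root after removing one node or one link."""
    seen, queue = {root}, deque([root])
    while queue:
        here = queue.popleft()
        for a, b in links:
            if frozenset((a, b)) == dead_link or here not in (a, b):
                continue
            nxt = b if here == a else a
            if nxt != dead_node and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def spof_findings(links, phones, root):
    """Return {failed element: instruments lost} for every loss above MAX_SPOF."""
    nodes = {n for link in links for n in link}
    failures = [("node", n) for n in nodes if n != root]
    failures += [("link", frozenset(l)) for l in links]
    findings = {}
    for kind, item in failures:
        alive = reachable(links, root, item if kind == "node" else None,
                          item if kind == "link" else None)
        lost = sum(n for sw, n in phones.items() if sw not in alive)
        if lost > MAX_SPOF:
            key = item if kind == "node" else tuple(sorted(item))
            findings[(kind, key)] = lost
    return findings

# Constructed sample design: acc3 is an oversized access stack, dist3 is single-homed.
LINKS = [("callctl", "core1"), ("callctl", "core2"), ("core1", "dist1"),
         ("core1", "dist2"), ("core2", "dist1"), ("core2", "dist2"),
         ("core1", "dist3"), ("dist1", "acc1"), ("dist2", "acc1"),
         ("dist1", "acc2"), ("dist2", "acc2"), ("dist1", "acc3"),
         ("dist2", "acc3"), ("dist3", "acc4"), ("dist3", "acc5")]
PHONES = {"acc1": 48, "acc2": 48, "acc3": 144, "acc4": 40, "acc5": 60}

if __name__ == "__main__":
    print("calls on 1 Gbps link (IPv4):", max_calls(1_000_000))
    for element, lost in sorted(spof_findings(LINKS, PHONES, "callctl").items()):
        print(element, "isolates", lost, "instruments")
```

In the sample, the dual-homed switches pass, while the 144-phone access switch and everything on the single-homed path through `dist3` are flagged.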