Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19514 | VVoIP 5110 (LAN) | SV-21576r1_rule | ECSC-1 | Medium |
Description |
---|

Policy sets the minimum requirements for the availability and reliability of VVoIP systems and the supporting LAN, with emphasis on C2 communications. Policy excerpts are as follows:

From CJCSI 6215.01C Appendix A Enclosure C: Based on the GIG MA ICD requirements associated with availability and reliability, the following requirements shall be met by IP based RTS.

- (a) Availability requirement for equipment/software serving Special C2 users is 0.99999
- (b) Availability requirement for equipment/software serving C2 users is 0.99997
- (c) Availability requirement for equipment/software serving C2 users that are authorized to originate Routine ONLY (C2R) and non C2 users is 0.999

From UCR 5.3.1.7.6 Availability LAN [Required: ASLAN – Conditional: Non-ASLAN]: The ASLAN has two configurations depending on whether it supports special C2 or C2 users. The ASLAN shall have a hardware availability designed to meet the needs of its subscribers:

1. Special C2. An ASLAN that supports special C2 users is classified as a High Availability ASLAN and must meet 99.999 percent availability, to include scheduled maintenance.
2. C2. An ASLAN that supports C2 users is classified as a Medium Availability ASLAN and must have 99.997 percent availability, to include scheduled maintenance.

[Required: Non-ASLAN] The non-ASLAN shall provide an availability of 99.9 percent, to include scheduled maintenance.

From UCR 5.3.1.7.7 Redundancy [Required: ASLAN – Conditional: Non-ASLAN]: The ASLAN shall have no single point of failure that can cause an outage of more than 96 IP telephony subscribers. In order to meet the availability requirements, all switching/routing platforms that offer service to more than 96 telephony subscribers shall provide redundancy in either of two ways:

1. The product itself (Core, Distribution, or Access) provides redundancy internally.
2. A secondary product is added to the ASLAN to provide redundancy to the primary product.

See UCR 5.3.1.7.7.1 Single Product Redundancy and 5.3.1.7.7.2 Dual Product Redundancy for details.

NOTE: In large LAN infrastructures, it is most likely that each network element in the core and distribution layers of the LAN will support in excess of 96 users, whether they are C2 users or not. All users of VVUC services supported by the LAN deserve reliable communications, particularly in emergency situations. As such, these devices should possess the ability to fail over to a redundant piece of hardware. At the network access layer (the layer where endpoints connect), this is more difficult. While redundant power supplies, backplanes, and processors can provide redundancy for a given NE, this is not possible for the portion of the NE to which the LAN drop cable attaches; here there can be no automatic failover. The use of the 96 user figure at the access layer is in support of this requirement. Typically, access layer modules or stand-alone devices support 48 or fewer connections. So, while all access layer switches should have some form of internal redundancy, there is a point at which this is not cost effective or possible. In this case, a failure must be mitigated by physically moving LAN drop connections to a hot-standby device or replacing the defective module. Also note that, while a LAN that supports 96 or fewer VVUC users as a whole is by policy omission not required to have redundancy, it is best practice that redundancy exists in some manner, particularly at the core, or that spare equipment is available.

NOTE: While the policy discusses availability and reliability through LAN equipment redundancy for C2 and Special C2 users of VVUC services, similar availability and reliability through redundancy is needed in support of routine user emergency, life-safety, and security related communications.
STIG | Date |
---|---|
Voice / Video Services Policy STIG | 2015-07-01 |
Check Text ( C-23782r1_chk ) |
---|

Interview the IAO to confirm compliance with the following requirement: Ensure all ASLAN (and optionally Non-ASLAN) switching/routing platforms that support more than 96 telephony subscribers/instruments (C2 or not) are redundant in the following manner:

1. Dual Power Supplies. The platform shall provide a minimum of two power supplies, each with the power capacity to support the entire chassis. Loss of a single power supply shall not cause any loss of ongoing functions within the chassis.
2. Dual Processors (Control Supervisors). The chassis shall support dual control processors. Failure of any one processor shall not cause loss of any ongoing functions within the chassis (e.g., no loss of active calls).
3. Termination Sparing. The chassis shall support an (N + 1) sparing capability for available 10/100Base-T modules used to terminate to an IP subscriber.
4. Redundancy Protocol. Routing equipment shall support a protocol that allows for dynamic rerouting.
5. Switch Fabric or Backplane Redundancy. Switching platforms within the ASLAN shall support a redundant (1 + 1) switching fabric or backplane. The second fabric's backplane shall be in active standby so that failure of the first shall not cause loss of ongoing events within the switch.

OR

A secondary product is added to the ASLAN to provide redundancy to the primary product, AND a redundancy protocol is implemented such that failover to the secondary product must not result in any lost calls.

Determine if the LAN supports Special-C2 or C2 users. If so, determine which part (or parts) of the LAN directly supports these users. Inspect the system design documentation and specifications of the LAN network elements.

This is a finding in the event the LAN is not designed to provide the required redundant processors, power supplies, etc., as noted above, or there is no secondary product through which VVUC services can be routed.

This finding carries a severity of Cat II if the NE directly supports a Special-C2 or C2 user. This finding carries a severity of Cat III if the NE only directly supports C2R or Non-C2/admin users.

NOTE: This is not applicable if the LAN as a whole supports 96 or fewer VVUC users. In the event the LAN as a whole supports more than 96 VVUC users, there will be some portion of the LAN infrastructure to which this is applicable. These will typically be the core elements, as a minimum.
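The applicability and severity logic of the check above, encoded as an added Python example that is not part of the STIG: it walks a LAN element inventory, applies the whole-LAN and per-platform 96-subscriber thresholds, tests single-product redundancy (all five items) or dual-product redundancy (secondary product plus lossless failover), and assigns Cat II or Cat III by the user class served. The `NetworkElement` fields, element names and sample inventory are assumptions constructed for the example.

```python
from dataclasses import dataclass

THRESHOLD = 96  # UCR 5.3.1.7.7: redundancy required above this many subscribers

@dataclass
class NetworkElement:
    name: str
    subscribers: int            # IP telephony subscribers served directly by this NE
    user_classes: frozenset     # subset of {"SpecialC2", "C2", "C2R", "NonC2"}
    dual_power: bool = False    # item 1: two supplies, each able to carry the chassis
    dual_processors: bool = False      # item 2: control supervisors, no lost calls
    termination_sparing: bool = False  # item 3: N+1 spare 10/100Base-T modules
    dynamic_rerouting: bool = False    # item 4: routing redundancy protocol
    redundant_fabric: bool = False     # item 5: 1+1 switch fabric / backplane
    secondary_product: bool = False    # alternative: dual-product redundancy ...
    lossless_failover: bool = False    # ... with a protocol that drops no calls

def single_product_redundant(ne: NetworkElement) -> bool:
    """All five internal redundancy items are present."""
    return all((ne.dual_power, ne.dual_processors, ne.termination_sparing,
                ne.dynamic_rerouting, ne.redundant_fabric))

def dual_product_redundant(ne: NetworkElement) -> bool:
    return ne.secondary_product and ne.lossless_failover  # both are required

def severity(ne: NetworkElement) -> str:
    # Cat II if the NE directly serves Special-C2 or C2 users, else Cat III
    return "CAT II" if ne.user_classes & {"SpecialC2", "C2"} else "CAT III"

def assess(elements, lan_total_users: int) -> dict:
    """Map each NE name to its verdict for this finding."""
    if lan_total_users <= THRESHOLD:          # whole-LAN applicability rule
        return {ne.name: "NA (LAN serves 96 or fewer VVUC users)" for ne in elements}
    verdicts = {}
    for ne in elements:
        if ne.subscribers <= THRESHOLD:
            verdicts[ne.name] = "Not required (96 or fewer subscribers)"
        elif single_product_redundant(ne) or dual_product_redundant(ne):
            verdicts[ne.name] = "Compliant"
        else:
            verdicts[ne.name] = f"Finding {severity(ne)}"
    return verdicts

# Constructed sample inventory (hypothetical names and values, not a real site)
SAMPLE = [
    NetworkElement("core-1", 400, frozenset({"C2", "NonC2"}), True, True, True, True, True),
    NetworkElement("dist-1", 200, frozenset({"SpecialC2"}), dual_power=True, dual_processors=True),
    NetworkElement("dist-2", 150, frozenset({"NonC2"}), secondary_product=True),
    NetworkElement("access-7", 48, frozenset({"C2"})),
]
```

Running `assess(SAMPLE, 800)` flags `dist-1` as a Cat II finding (Special-C2 users, only two of five items) and `dist-2` as Cat III (a secondary product without lossless failover), while `assess(SAMPLE, 90)` returns NA for every element.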
Fix Text (F-20226r1_fix) |
---|

Ensure all ASLAN (and optionally Non-ASLAN) switching/routing platforms that support more than 96 telephony subscribers/instruments (C2 or not) are redundant in the following manner:

1. Dual Power Supplies. The platform shall provide a minimum of two power supplies, each with the power capacity to support the entire chassis. Loss of a single power supply shall not cause any loss of ongoing functions within the chassis.
2. Dual Processors (Control Supervisors). The chassis shall support dual control processors. Failure of any one processor shall not cause loss of any ongoing functions within the chassis (e.g., no loss of active calls).
3. Termination Sparing. The chassis shall support an (N + 1) sparing capability for available 10/100Base-T modules used to terminate to an IP subscriber.
4. Redundancy Protocol. Routing equipment shall support a protocol that allows for dynamic rerouting.
5. Switch Fabric or Backplane Redundancy. Switching platforms within the ASLAN shall support a redundant (1 + 1) switching fabric or backplane. The second fabric's backplane shall be in active standby so that failure of the first shall not cause loss of ongoing events within the switch.

OR

A secondary product is added to the ASLAN to provide redundancy to the primary product, AND a redundancy protocol is implemented such that failover to the secondary product must not result in any lost calls.

Upgrade as needed.

NOTE: While redundancy may not be required by policy for NEs that support 96 or fewer VVUC users, it is best practice to provide redundancy or maintain spares such that service can be restored in a timely manner in the event of a failure.