Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-21508 | VVT 2000 | SV-23717r1_rule | Medium |
Description |
---|
The inability to contact emergency services via the public telephone system and/or privately-owned Multi-Line Telephone Systems (MLTS) (such as PBXs and VoIP telephone systems) threatens life safety as well as facility protection and security. Emergency communications generally includes requests for fire, police, and/or medical assistance. In DoD, these communications can also include requests for Aircraft Rescue and Fire Fighting (ARFF), explosive ordnance disposal, and similar emergency situations. The inability of first responders to automatically locate the caller threatens life safety and facility protection or security. The ability to call an F&ES telephone number is called Basic F&ES Communications. The ability for the operator answering the emergency call to automatically determine the location of the caller and relay this information to the first responders is called Enhanced F&ES Communications. The ability to contact emergency services via the public telephone system has been mandated for many years in the US and other countries around the world. In the US, the FCC has mandated various aspects of providing enhanced F&ES communications and also relies upon state legislation to extend these rules. The Federal Communications Commission (FCC) rules primarily address public communications service providers including traditional LEC and CLECs, mobile communications providers, and VoIP communications providers. Support for enhanced emergency services communications by private MLTS is left to state legislation. Several states have such legislation today while more states are on the way. Eventually, most, if not all, states will likely have such legislation. Additionally, with respect to the DoD, DoDI 6055.06, DoD Fire and Emergency Services (F&ES) Program, December 21, 2006, provides DoD policy regarding emergency services and emergency services communications. While much of this policy addresses fire protection in general and more specifically training, staffing, and equipment, it also provides for telecommunications support for fire, medical, and security emergencies, whether directly or by implication. Several items of interest for this and subsequent STIG requirements are as follows: > 5.8. The Combatant Commanders, through Chairman of the Joint Chiefs of Staff, shall ensure F&ES protection of personnel, equipment, and facilities. > 6.6. Telecommunication Capability. Implement around-the-clock capability to conduct dedicated F&ES communications. > E8.1 Telecommunication Capability; Maintain around-the-clock capability to conduct essential F&ES communications. > E8.1.2. The DoD Components shall implement the installation F&ES alarm and communication function where feasible. > E8.1.2.1. Consolidate with an established continuously manned emergency communications center for all emergency services. > E8.1.2.4. DoD F&ES communications and dispatch functions may be provided by municipal F&ES or other outside agencies when those agencies compare favorably with DoD standards and can meet the prescribed communications criteria. Private telephone systems, in general, provide a large portion of the required telecommunication capability. All DoD telecommunications systems are private MLTS. As such, ALL private MLTS, VoIP or traditional must support enhanced emergency services communications for the completion of emergency calls. Per DoDI 6055.06, all sites must support, provide for, and implement F&ES telecommunications services. When implementing basic F&ES telecommunications services, each country or region designates a specific standard telephone number or prefix code to be dialed that can be easily remembered by the public. In some instances, while not best practice, organizations might designate an internal emergency number for use within their MLTS. PSTN LECs and CLECs must route calls to this number in a non-blocking priority manner. Examples of such numbers are as follows: > 911 in North America > 112 in the EU and UK > 000 in Australia In some cases countries use a separate code for Police vs Medical vs Fire. A rather comprehensive listing can be found at http://en.wikipedia.org/wiki/Emergency_telephone_number. Issues arise when an emergency call is originated through a private phone system, such as a traditional PBX or a VVoIP system. While the LEC or CLEC may properly route the call in a priority manner, the same may not be true for the private system unless specificity addressed in the systems call routing tables and potentially other system features. This is an issue when providing emergency communications services as a best practice or in compliance with governmental mandate. As such, the private system must be configured to properly handle emergency communications. Enhanced F&ES communications permits the answering station to automatically locate the caller. This is particularly helpful when the caller cannot provide their location themselves. Enhanced F&ES communications is generally mandated by the FCC and state legislation. It is today’s state of the art and its implementation is a best practice. The enhanced F&ES communications capability is enabled using Automatic Number Identification (ANI) and Automatic Location Identification (ALI) information. ANI provides the telephone number of the calling party and is generated by the telephone system/switch. ALI associates the calling party’s number (ANI information) with their address, or registered the address/location of the phone being used. ALI is provided by a database function. The database may be maintained within the telephone system/switch or externally. In many cases, the F&ES answering service system will use the ALI information to map the location of the calling phone. ALI information in the public sector is maintained by the telephone service providers and is generally based on billing records. This works fine for traditional phones that have a fixed location at the end of a telephone company wire. VoIP phones, on the other hand, can be connected anywhere in the world and function. This is an issue for commercial VoIP services which is being addressed by the FCC. ALI information in the private sector must be handled by the owners/operators of private MLTS. If a private MLTS is to support enhanced F&ES telecommunications, an ALI database must be instituted and maintained current as instruments and numbers move around a facility or site. While, in many cases, this may be a manual task, automated systems are being developed. NOTE: Notwithstanding system configuration and capabilities, the system must also remain fully functional, minimally for a reasonable time period, in the event primary power is lost. As such, both traditional PBXs and VVoIP systems along with their supporting LAN infrastructure must be provided with sufficient backup power. Specific requirements for voice communications system backup power are addressed in additional requirements. |
STIG | Date |
---|---|
Voice Video Services Policy STIG | 2016-06-24 |
Check Text ( C-25742r1_chk ) |
---|
Interview the IAO to validate compliance with the following requirement: Ensure the site provides for the local DoD Multi-Line Telecommunications System (MLTS), VoIP or traditional, and supports enhanced Fire and Emergency Services (F&ES) telecommunications as follows: > The site has implemented support for DoDI 6055.06 through local policies, procedures, staffing, and facilities; or agreements/contracts with external agencies. > The site’s telephone system supports enhanced F&ES emergency communications. > If the site’s telephone system is a private MLTS (VoIP or traditional), the system provides Automatic Number Identification (ANI) information to the emergency services answering point and a Phone Switch Automatic Location Identification (PS-ALI) database is established within the telephone system or externally, the information from which is accessible to the emergency services answering point. > The site maintains the PS-ALI database and keeps it current with all telephone adds/moves and number changes. |
Fix Text (F-22297r1_fix) |
---|
Ensure the site provides for the local DoD Multi-Line Telecommunications System (MLTS), VoIP or traditional, and supports enhanced Fire and Emergency Services (F&ES) telecommunications as follows: > The site has implemented support for DoDI 6055.06 through local policies, procedures, staffing, and facilities; or agreements/contracts with external agencies. > The site’s telephone system supports enhanced F&ES emergency communications. > If the site’s telephone system is a private MLTS (VoIP or traditional), the system provides Automatic Number Identification (ANI) information to the emergency services answering point and a Phone Switch Automatic Location Identification (PS-ALI) database is established within the telephone system or externally, the information from which is accessible to the emergency services answering point or call center. > The site maintains the PS-ALI database and keeps it current with all telephone adds/moves and number changes. Implement a fire and emergency services telecommunications system. |