
VVoIP or VTC endpoints are NOT integrated into the implemented 802.1x LAN access control system.


Overview

Finding ID: V-19653
Version: VVoIP 5305 (LAN)
Rule ID: SV-21794r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
IEEE 802.1x is a protocol that is used to control access to LAN services via a LAN access switchport or wireless access point. It requires a device or user (supplicant) to authenticate to the network element (authenticator) and become authorized by the authentication server before the authenticator provides access to the LAN. This process is used to activate the LAN access switchport and potentially limit traffic to a specific VLAN and/or install traffic filters. This method is more secure and capable than using basic MAC-based port security. As such, it is required to be used in certain circumstances by the Network Infrastructure STIG. When 802.1x is used, all devices connecting to the LAN are required to use 802.1x.
STIG: Voice/Video over Internet Protocol STIG
Date: 2015-01-05

Details

Check Text (C-24004r1_chk)
Interview the IAO to confirm compliance with the following requirement:

In the event the required LAN access control implementation uses 802.1x, ensure the VVoIP or VTC endpoint is integrated into the implemented 802.1x LAN access control system.

Determine if the requirement to implement LAN access port security is fulfilled by an implementation of 802.1x. If so, determine if the VVoIP or VTC endpoints are integrated into the 802.1x system.

This is a finding in the event 802.1x is used within the LAN but one or more VVoIP or VTC endpoints are not configured as 802.1x supplicants, whether the endpoints support 802.1x or not.
Fix Text (F-20357r1_fix)
In the event the required LAN access control implementation uses 802.1x, configure all VVoIP or VTC endpoints to use the 802.1x LAN access control system.