The LAN hardware asset does not provide the required redundancy to support the availability/reliability needs of the C2 and Special C2 users of VVoIP services for command and control communications.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-21517	VVoIP 5111 (LAN)	SV-23729r1_rule	DCBP-1	Medium

Description
Policy sets the minimum requirements for the availability and reliability of VVoIP systems and the supporting LAN with emphasis on C2 communications. The high availability and reliability required for spedial-C2 and C2 users is achieved in part by redundancy within the LAN network elements. For further detail, see VVoIP 5110 (LAN)

STIG	Date
Voice/Video over Internet Protocol STIG	2015-01-05

Details

Check Text ( C-25769r1_chk )
Interview the IAO to Determine if the LAN supports Special-C2 or C2 users. If so, determine which part (or parts) of the LAN directly supports these users. Determine which parts of the LAN support Special-C2 users, which parts support C2 users, and which parts support only C2R and Non-C2/admin users. Use this information when performing the next steps.

Fix Text (F-22309r1_fix)
Ensure all ASLAN (and optionally Non-ASLAN) switching/routing platforms that support more than 96 telephony subscribers/instruments (C2 or not) are redundant in the following manner: 1. Dual Power Supplies. The platform shall provide a minimum of two power supplies each with the power capacity to support the entire chassis. Loss of a single power supply shall not cause any loss of ongoing functions within the chassis. 2. Dual Processors (Control Supervisors). The chassis shall support dual control processors. Failure of any one processor shall not cause loss of any ongoing functions within the chassis (e.g., no loss of active calls). 3. Termination Sparing. The chassis shall support a (N + 1) sparing capability for available 10/100Base-T modules used to terminate to an IP subscriber. 4. Redundancy Protocol. Routing equipment shall support a protocol that allows for dynamic rerouting. 5. Switch Fabric or Backplane Redundancy. Switching platforms within the ASLAN shall support a redundant (1 + 1) switching fabric or backplane. The second fabric’s backplane shall be in active standby so that failure of the first shall not cause loss of ongoing events within the switch. OR A secondary product is added to the ASLAN to provide redundancy to the primary product. AND A redundancy protocol is implemented such that the failover over to the secondary product must not result in any lost calls. Upgrade as needed. NOTE: While redundancy may not be required by policy for NEs that support 96 VVUC users or less, it is best practice to provide redundancy or maintain spares such that service can be restored in a timely manner in the event of a failure.

Fix Text (F-22309r1_fix)

Ensure all ASLAN (and optionally Non-ASLAN) switching/routing platforms that support more than 96 telephony subscribers/instruments (C2 or not) are redundant in the following manner:
1. Dual Power Supplies. The platform shall provide a minimum of two power supplies each with the power capacity to support the entire chassis. Loss of a single power supply shall not cause any loss of ongoing functions within the chassis.
2. Dual Processors (Control Supervisors). The chassis shall support dual control processors. Failure of any one processor shall not cause loss of any ongoing functions within the chassis (e.g., no loss of active calls).
3. Termination Sparing. The chassis shall support a (N + 1) sparing capability for available 10/100Base-T modules used to terminate to an IP subscriber.
4. Redundancy Protocol. Routing equipment shall support a protocol that allows for dynamic rerouting.
5. Switch Fabric or Backplane Redundancy. Switching platforms within the ASLAN shall support a redundant (1 + 1) switching fabric or backplane. The second fabric’s backplane shall be in active standby so that failure of the first shall not cause loss of ongoing events within the switch.
OR
A secondary product is added to the ASLAN to provide redundancy to the primary product.
AND
A redundancy protocol is implemented such that the failover over to the secondary product must not result in any lost calls.

Upgrade as needed.

NOTE: While redundancy may not be required by policy for NEs that support 96 VVUC users or less, it is best practice to provide redundancy or maintain spares such that service can be restored in a timely manner in the event of a failure.