UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VVoIP component(s) are NOT addressed using the defined dedicated VVoIP system addresses


Overview

Finding ID Version Rule ID IA Controls Severity
V-19628 VVoIP 5225 (LAN) SV-21769r1_rule Medium
Description
The protection of the VVoIP system is enhanced by ensuring all VVoIP systems and components within the LAN (Enclave) are deployed using separate address blocks from the normal data address blocks. This is one of the required steps required to help protect the VVoIP infrastructure and services by allowing traffic and access control via firewalls and router ACLs.
STIG Date
Voice/Video over Internet Protocol (VVoIP) STIG 2017-01-04

Details

Check Text ( C-23948r1_chk )
Ensure all VVoIP systems and components within the LAN (Enclave) are deployed using the dedicated VVoIP address space defined in the VVoIP system design for the given network type.

Inspect the VVoIP core equipment components (endpoints checked separately) to determine if they are addressed using the dedicated VVoIP address space defined in the VVoIP system design for the given network type.

NOTE: The affected devices in this case are as follows:
> VVoIP Call or session controllers; LSC / MFSS
> Adjunct UC systems
> Edge Boundary Controller (EBC) internal and external interfaces
> Customer Edge (Premise) router internal interface to the VVoIP VLANs
Fix Text (F-20332r1_fix)
Ensure all VVoIP systems and components within the LAN (Enclave) are deployed using the using the dedicated VVoIP address space defined in the VVoIP system design for the given network type.

NOTE: This is applicable to the following:
> A closed unclassified LAN
> A unclassified LAN connected to a unclassified WAN such as the NIPRNet or Internet
> A closed classified LAN
> A classified LAN connected to a classified WAN (such as the SIPRNet).

NOTE: In the case of a classified WAN where network wide address based accountability or traceability is required by the network PMO, the PMO must provide a segregated, network wide address block(s) so that the attached classified LANs can meet this requirement.

Provide or use a dedicated address space for the VVoIP system that is segregated from the address space used for the general LAN, management VLANs, and other segregated services running on the LAN.

Use this address space when configuring VVoIP VLANs and when assigning addresses to VVoIP endpoints and core equipment.