The LAN supporting VVoIP services for special-C2 and C2 users is not designed or implemented as a DOD ASLAN in accordance with the current UCR and therefore cannot support assured service in support of C2 communications reliability and availability requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-8302	VVoIP 5105 (LAN)	SV-8797r1_rule	ECSC-1	Low

Description
Voice services in support of C2 and Special C2 users are required to meet certain minimum requirements relating to reliability and survivability of the supporting infrastructure. These requirements are defined in the current CJCSI 6215.01x Policy for DoD Voice Networks With Real Time Services (RTS). Design requirements for networks supporting DOD IPT/VoIP implementations can be found in the Unified Capabilities Requirements (UCR) specification document. This document contains the design specifications for an Assured Services Local Area Network (ASLAN) which is required to support DOD IP based voice services. These specifications define LAN design requirements for redundancy of equipment and their interconnections as well as minimum requirements for bandwidth and backup power, including the maximum number of endpoints that can be affected by a single point of failure. Policy sets the minimum requirements for the availability and reliability of VVoIP systems and the supporting LAN with emphasis on C2 communications. Policy excerpts are as follows: From CJCSI 6215.01C Appendix A Enclosure C Based on the GIG MA ICD requirements associated with availability and reliability, the following requirements shall be met by IP based RTS. (a) Availability requirement for equipment/software serving Special C2 users is 0.99999 (b) Availability requirement for equipment/software serving C2 users is 0.99997 (c) Availability requirements for equipment/software serving C2 users that are authorized to originate Routine ONLY (C2R) and non C2 users is 0.999. From UCR 5.3.1.7.6 Availability LAN [Required: ASLAN – Conditional: Non-ASLAN] The ASLAN has two configurations depending on whether it supports special C2 or C2 users. The ASLAN shall have a hardware availability designed to meet the needs of its subscribers: 1. Special C2. An ASLAN that supports special C2 users is classified a High Availability ASLAN and must meet 99.999 percent availability to include scheduled maintenance. 2. C2. An ASLAN that supports C2 users is classified as a Medium Availability ASLAN and must have 99.997 percent availability to include scheduled maintenance. [Required: Non-ASLAN] The non-ASLAN shall provide an availability of 99.9 percent to include scheduled maintenance. From UCR 5.3.1.7.7 Redundancy [Required: ASLAN – Conditional: Non-ASLAN] The ASLAN shall have no single point of failure that can cause an outage of more than 96 IP telephony subscribers. In order to meet the availability requirements, all switching/routing platforms that offer service to more than 96 telephony subscribers shall provide redundancy in either of two ways: 1. The product itself (Core, Distribution, or Access) provides redundancy internally. 2. A secondary product is added to the ASLAN to provide redundancy to the primary product. See UCR 5.3.1.7.7.1 Single Product Redundancy and 5.3.1.7.7.2 Dual Product Redundancy for details.

Description

Voice services in support of C2 and Special C2 users are required to meet certain minimum requirements relating to reliability and survivability of the supporting infrastructure. These requirements are defined in the current CJCSI 6215.01x Policy for DoD Voice Networks With Real Time Services (RTS). Design requirements for networks supporting DOD IPT/VoIP implementations can be found in the Unified Capabilities Requirements (UCR) specification document. This document contains the design specifications for an Assured Services Local Area Network (ASLAN) which is required to support DOD IP based voice services. These specifications define LAN design requirements for redundancy of equipment and their interconnections as well as minimum requirements for bandwidth and backup power, including the maximum number of endpoints that can be affected by a single point of failure. Policy sets the minimum requirements for the availability and reliability of VVoIP systems and the supporting LAN with emphasis on C2 communications. Policy excerpts are as follows: From CJCSI 6215.01C Appendix A Enclosure C Based on the GIG MA ICD requirements associated with availability and reliability, the following requirements shall be met by IP based RTS. (a) Availability requirement for equipment/software serving Special C2 users is 0.99999 (b) Availability requirement for equipment/software serving C2 users is 0.99997 (c) Availability requirements for equipment/software serving C2 users that are authorized to originate Routine ONLY (C2R) and non C2 users is 0.999. From UCR 5.3.1.7.6 Availability LAN [Required: ASLAN – Conditional: Non-ASLAN] The ASLAN has two configurations depending on whether it supports special C2 or C2 users. The ASLAN shall have a hardware availability designed to meet the needs of its subscribers: 1. Special C2. An ASLAN that supports special C2 users is classified a High Availability ASLAN and must meet 99.999 percent availability to include scheduled maintenance. 2. C2. An ASLAN that supports C2 users is classified as a Medium Availability ASLAN and must have 99.997 percent availability to include scheduled maintenance. [Required: Non-ASLAN] The non-ASLAN shall provide an availability of 99.9 percent to include scheduled maintenance. From UCR 5.3.1.7.7 Redundancy [Required: ASLAN – Conditional: Non-ASLAN] The ASLAN shall have no single point of failure that can cause an outage of more than 96 IP telephony subscribers. In order to meet the availability requirements, all switching/routing platforms that offer service to more than 96 telephony subscribers shall provide redundancy in either of two ways: 1. The product itself (Core, Distribution, or Access) provides redundancy internally. 2. A secondary product is added to the ASLAN to provide redundancy to the primary product. See UCR 5.3.1.7.7.1 Single Product Redundancy and 5.3.1.7.7.2 Dual Product Redundancy for details.

STIG	Date
Voice/Video Services Policy STIG	2014-04-07

Details

Check Text ( C-23781r1_chk )
Interview the IAO and review site network/facilities diagrams and documentation to confirm compliance with the following requirement: In the event VVoIP services are provided by an IP based network to Special-C2 and C2 subscribers/users, ensure the network supporting VVoIP services (i.e., the underlying data network) is designed and implemented as an Assured Services Local Area Network (ASLAN) such that it will possess bandwidth, reliability, survivability, quality of service (QoS) and prioritization capabilities in accordance with the current Unified Capabilities Requirements (UCR) specifications. NOTE: This applies to all types of C2 users whether they have the need to originate precedence calls or not. C2 routine users may receive high priority calls therefore the LAN must support the capability. Determine the types of users or subscribers supported by the IP VVoIP services network. Refer to the Procedures Guide for the various user/subscriber type definitions to determine applicability of this requirement. This is a finding in the event the LAN is not designed as an ASLAN in support of its C2 and Special-C2 user’s availability and reliability requirements. The following is a list of the areas to be addressed by the design (validation will be addressed later): Specific attention should be given in the areas of: - Equipment reliability and redundancy - Connection redundancy above the access layer - Equipment robustness and bandwidth capability - Connection bandwidth capability - Access layer switch size / number of phones served - Single points of failure affecting service to greater than 96 instruments. - Backup power for all equipment. >> 2 hours for all equipment and instruments supporting C2 users >> 8 hours for all equipment and instruments supporting Special-C2 users Specific requirements or deficiencies will be investigated in subsequent checklist items. NOTE: The primary difference between this requirement and the general requirement checked earlier is that the availability and reliability requirements in support of C2 and Special-C2 users are higher than C2R, Non C2, and administrative users.

Check Text ( C-23781r1_chk )

Interview the IAO and review site network/facilities diagrams and documentation to confirm compliance with the following requirement:

In the event VVoIP services are provided by an IP based network to Special-C2 and C2 subscribers/users, ensure the network supporting VVoIP services (i.e., the underlying data network) is designed and implemented as an Assured Services Local Area Network (ASLAN) such that it will possess bandwidth, reliability, survivability, quality of service (QoS) and prioritization capabilities in accordance with the current Unified Capabilities Requirements (UCR) specifications.
NOTE: This applies to all types of C2 users whether they have the need to originate precedence calls or not. C2 routine users may receive high priority calls therefore the LAN must support the capability.

Determine the types of users or subscribers supported by the IP VVoIP services network. Refer to the Procedures Guide for the various user/subscriber type definitions to determine applicability of this requirement.

This is a finding in the event the LAN is not designed as an ASLAN in support of its C2 and Special-C2 user’s availability and reliability requirements. The following is a list of the areas to be addressed by the design (validation will be addressed later):

Specific attention should be given in the areas of:
- Equipment reliability and redundancy
- Connection redundancy above the access layer
- Equipment robustness and bandwidth capability
- Connection bandwidth capability
- Access layer switch size / number of phones served
- Single points of failure affecting service to greater than 96 instruments.
- Backup power for all equipment.
>> 2 hours for all equipment and instruments supporting C2 users
>> 8 hours for all equipment and instruments supporting Special-C2 users

Specific requirements or deficiencies will be investigated in subsequent checklist items.

NOTE: The primary difference between this requirement and the general requirement checked earlier is that the availability and reliability requirements in support of C2 and Special-C2 users are higher than C2R, Non C2, and administrative users.

Fix Text (F-20217r1_fix)
Ensure that the network supporting VVoIP services (i.e., the underlying data network) is designed and implemented as an Assured Services Local Area Network.(ASLAN) and will possess bandwidth, reliability, survivability, quality of service (QoS) and prioritization capabilities in accordance with the current Unified Capabilities Requirements (UCR) specifications Upgrade the LAN infrastructure as necessary to meet requirements of a DoD ASLAN supporting C2 users as specified in the UCR and CJCSI 6215.01x.

Fix Text (F-20217r1_fix)

Ensure that the network supporting VVoIP services (i.e., the underlying data network) is designed and implemented as an Assured Services Local Area Network.(ASLAN) and will possess bandwidth, reliability, survivability, quality of service (QoS) and prioritization capabilities in accordance with the current Unified Capabilities Requirements (UCR) specifications

Upgrade the LAN infrastructure as necessary to meet requirements of a DoD ASLAN supporting C2 users as specified in the UCR and CJCSI 6215.01x.