An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259897 | SRG-VOIP-000170 | SV-259897r956911_rule | CCI-002204 | medium |

Description

Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session.

| STIG | Date |
|---|---|
| Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2025-05-29 |
Details
Check Text (C-259897r956911_chk)
Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following:
- The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured.
- The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network.
Alternately, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured.
If none of these procedures is being followed, this is a finding.
Fix Text (F-63535r946611_fix)
Do one of the following:
- Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another.
- Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network.
- If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network.
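
One way to audit a recorded network transition against the acceptable procedures above, as an added example that is not part of the SRG. The event names, the tuple layout, the HIGH/LOW network labels and the UNUSED position are assumptions; physical disconnection is modelled as the UNUSED position.

```python
# Added example: event names, tuple layout and sample data are assumptions.
MIN_POWER_OFF_S = 60  # minimum power-cycle time the page cites from SRG-VOIP-000140
UNUSED = "UNUSED"     # unused switch position, or CODEC physically disconnected

def audit_transition(events):
    """Return findings for a time-ordered list of (seconds, event, arg) tuples."""
    findings = []
    position = UNUSED      # network the switch currently connects the CODEC to
    loaded = None          # network whose configuration is on the CODEC (None = purged)
    off_since = None       # time of power-off, None while powered
    cycled_switch = False  # a network-to-network switch happened during this power-off

    def check_exposure(t):
        # Configuration for one network must never be present while on another.
        if position != UNUSED and loaded not in (None, position):
            findings.append(f"t={t}: config for {loaded} present while connected to {position}")

    for t, event, arg in events:
        if event == "purge":
            loaded = None
        elif event == "configure":
            loaded = arg
            check_exposure(t)
        elif event == "power_off":
            off_since, cycled_switch = t, False
        elif event == "power_on":
            if cycled_switch and t - off_since < MIN_POWER_OFF_S:
                findings.append(f"t={t}: power cycle lasted {t - off_since}s, under {MIN_POWER_OFF_S}s")
            off_since, cycled_switch = None, False
        elif event == "switch":
            # A direct network-to-network switch must happen while powered off.
            if UNUSED not in (position, arg) and position != arg:
                if off_since is None:
                    findings.append(f"t={t}: switched {position}->{arg} without power cycling")
                else:
                    cycled_switch = True
            position = arg
            check_exposure(t)
    return findings

# Constructed sample transitions, each starting with the CODEC configured for HIGH.
START = [(0, "configure", "HIGH"), (1, "switch", "HIGH")]
VIA_UNUSED = START + [(100, "switch", UNUSED), (105, "purge", None),
                      (110, "configure", "LOW"), (120, "switch", "LOW")]
PURGE_CYCLE = START + [(100, "purge", None), (105, "power_off", None), (110, "switch", "LOW"),
                       (170, "power_on", None), (180, "configure", "LOW")]
SHORT_CYCLE = START + [(100, "purge", None), (105, "power_off", None), (110, "switch", "LOW"),
                       (140, "power_on", None), (150, "configure", "LOW")]
NO_PURGE = START + [(100, "switch", "LOW"), (105, "purge", None), (110, "configure", "LOW")]
```

An empty list from `audit_transition` means the recorded sequence matched one of the acceptable procedures; each string in a non-empty list is a condition an assessor would record as a finding.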