A site utilizing a commercial VoIP/SIP provider must use a provider compliant with FCC STIR/SHAKEN protocol rules.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-274463 | SRG-VOIP-000600 | SV-274463r1107631_rule | CCI-001548 | medium |
| Description | ||||
| The STIR/SHAKEN protocol required by recent FCC regulations ensures the authenticity of calling parties over voice communications. This protocol is aimed to reduce robocalls and spoofing. The carrier can digitally sign and verify the authenticity of caller ID information to combat fraudulent calls. | ||||
| STIG | Date | |||
| Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2025-05-29 | |||
Details
Check Text (C-274463r1107631_chk)
Verify the commercial provider is compliant with the FCC STIR/SHAKEN regulations.
If the commercial provider is not compliant with FCC STIR/SHAKEN regulations, this is a finding.
Fix Text (F-78461r1107630_fix)
Ensure the commercial provider is compliant with FCC STIR/SHAKEN regulations.