A site utilizing a commercial VoIP/SIP provider must use a provider compliant with FCC STIR/SHAKEN protocol rules.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-274463 | SRG-VOIP-000600 | SV-274463r1107631_rule | CCI-001548 | medium |
| Description | ||||
| The STIR/SHAKEN protocol required by recent FCC regulations ensures the authenticity of calling parties over voice communications. This protocol is aimed to reduce robocalls and spoofing. The carrier can digitally sign and verify the authenticity of caller ID information to combat fraudulent calls. | ||||
| STIG | Date | |||
| Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2025-05-29 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-4
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.3
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001548
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-274463r1107631_chk)
Verify the commercial provider is compliant with the FCC STIR/SHAKEN regulations.
If the commercial provider is not compliant with FCC STIR/SHAKEN regulations, this is a finding.
Fix Text (F-78461r1107630_fix)
Ensure the commercial provider is compliant with FCC STIR/SHAKEN regulations.