The organization must document remote access to the Voice Video system.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-400005

Associated with: CCI-000063

VVSP-01-000023: The organization must document remote access to the Voice Video system.

Vulnerability discussion

Remote access is connection to organizational information systems by users communicating through external networks (e.g., the Internet). Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality and integrity over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate security controls (e.g., employing appropriate encryption techniques for confidentiality and integrity protection), may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. Still, VPN connections traverse external networks, and the encrypted VPN does not enhance the availability of remote connections. Also, VPNs with encrypted tunnels can affect the organizational capability to adequately monitor network communications traffic for malicious code.

Check content

Review the Voice Video system design documents. All remote access to the Voice Video system must be fully documented.

Ensure traffic from a Unified Capabilities (UC) soft client, operated in a remote-access scenario and using an encrypted VPN as required, is routed to the VoIP VLAN so the separation of the voice and data zones is not degraded, while all other traffic is routed to the data zone.

Ensure traffic from a video conferencing (VC) soft client, operated in a remote-access scenario and using an encrypted VPN as required, is routed to the Video VLAN without degrading other traffic routed to the voice and data zones.

Inspect network diagrams to determine whether the boundary and remote access VLAN architecture properly routes Voice Video traffic from the VPN to the voice and video VLANs while maintaining proper flow control and access between the data VLANs and the Voice Video VLANs.

If the Voice Video system design does not fully document all remote access to the Voice Video system, this is a finding.

If the boundary and remote access VLAN architecture does not properly route Voice Video traffic from the VPN to the Voice Video VLANs while maintaining proper flow control and access between the data VLANs and the Voice Video VLANs, this is a finding.

Fix text

The organization must document all remote access to the Voice Video system.

Design the traffic from a UC soft client, operated in a remote-access scenario and using an encrypted VPN as required, to be routed to the VoIP VLAN such that the separation of the voice and data zones is not degraded, while all other traffic is routed to the data zone.

Design the traffic from a VC soft client, operated in a remote-access scenario and using an encrypted VPN as required, to be routed to the Video VLAN without degrading other traffic routed to the voice and data zones.

Design and configure the enclave boundary and remote access VLAN architecture to properly route Voice Video traffic from the VPN to the voice and video VLANs and to maintain proper flow control and access between the data VLANs and the Voice Video VLANs.
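The routing and flow-control requirement above, modelled as an added example that is not part of the STIG or of any DISA tooling: a small Python policy checker that classifies traffic entering from the VPN, states which VLAN it must be steered to, and flags design entries that would degrade the separation between the data zone and the Voice Video zones. Zone names, the RTP media port range, the cross-zone exception list and the sample design entries are all constructed assumptions; SIP (5060/5061) and H.323 call signaling (1720) are registered ports.

```python
from dataclasses import dataclass

# Zone names are constructed for this example; the STIG refers only to the
# VoIP VLAN, the Video VLAN, the data VLAN(s) and the VPN/remote-access boundary.
VPN, VOICE, VIDEO, DATA = "vpn", "voip-vlan", "video-vlan", "data-vlan"

# Port-based classification. SIP (5060/5061) and H.323 (1720) are registered
# signaling ports. The RTP media range is an ASSUMPTION and must match the
# range the organization's call controller actually hands out.
SIP_PORTS = {5060, 5061}
H323_PORTS = {1720}
RTP_RANGE = range(16384, 32768)

REQUIRED_ZONE = {"voice": VOICE, "video": VIDEO, "data": DATA}

# Explicitly documented exceptions for flows between the data zone and the
# Voice Video zones (constructed; a real design lists each permitted service).
# Anything else crossing that boundary is reported as a finding.
ALLOWED_CROSS_ZONE = {
    (DATA, VOICE, "tcp", 443),  # e.g. web provisioning of the call manager
}


@dataclass(frozen=True)
class Flow:
    src: str          # zone the traffic enters from
    dst: str          # zone the design delivers it to
    proto: str        # "tcp" or "udp"
    dport: int        # destination port
    client: str = "other"  # remote endpoint type when src == VPN: "uc", "vc", "other"


def traffic_class(f: Flow) -> str:
    """Classify a flow as 'voice', 'video' or 'data'.

    Signaling or media from a registered UC soft client is voice; from a VC
    soft client it is video. Signaling/media from anything else is treated as
    data so it cannot be steered into the voice or video zone.
    """
    is_signaling = f.dport in SIP_PORTS or f.dport in H323_PORTS
    is_media = f.proto == "udp" and f.dport in RTP_RANGE
    if not (is_signaling or is_media):
        return "data"
    if f.client == "vc":
        return "video"
    if f.client == "uc":
        return "voice"
    return "data"


def check_flow(f: Flow):
    """Return None if the flow satisfies the rule, otherwise a finding string."""
    if f.src == VPN:
        want = REQUIRED_ZONE[traffic_class(f)]
        if f.dst != want:
            return (f"VPN {f.client} client {f.proto}/{f.dport} routed to "
                    f"{f.dst}, expected {want}")
        return None
    # Inside the enclave: data <-> voice/video flows need an explicit allow.
    touches_vv = bool({f.src, f.dst} & {VOICE, VIDEO})
    touches_data = DATA in (f.src, f.dst)
    if touches_vv and touches_data and \
            (f.src, f.dst, f.proto, f.dport) not in ALLOWED_CROSS_ZONE:
        return (f"{f.src} -> {f.dst} {f.proto}/{f.dport} crosses the "
                f"voice/data boundary without a documented allow rule")
    return None


def audit(flows):
    """Run check_flow over a design and return the list of findings."""
    return [msg for msg in (check_flow(f) for f in flows) if msg]


# Constructed sample design entries (what the network diagram says happens).
DESIGN = [
    Flow(VPN, VOICE, "udp", 5060, client="uc"),    # UC signaling -> VoIP VLAN: ok
    Flow(VPN, VOICE, "udp", 20000, client="uc"),   # UC media -> VoIP VLAN: ok
    Flow(VPN, DATA, "tcp", 443, client="uc"),      # UC client's web traffic -> data: ok
    Flow(VPN, VIDEO, "tcp", 1720, client="vc"),    # VC signaling -> Video VLAN: ok
    Flow(VPN, DATA, "udp", 20000, client="vc"),    # VC media landing in data zone: finding
    Flow(VPN, VOICE, "tcp", 445, client="other"),  # SMB from VPN into VoIP VLAN: finding
    Flow(DATA, VOICE, "tcp", 443),                 # documented exception: ok
    Flow(DATA, VOICE, "udp", 5060),                # data host talking SIP into voice zone: finding
]

if __name__ == "__main__":
    for finding in audit(DESIGN):
        print("FINDING:", finding)
```

The checker deliberately treats signaling or media that does not come from a registered soft client as data traffic; that is the failure mode the check is concerned with, a data-zone host (or an unmanaged VPN endpoint) reaching the VoIP or Video VLAN on voice protocols and eroding the zone separation.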
