The organization must implement and document the boundary routing device (Customer Edge [CE] router) used with the Session Border Controller (SBC) to connect all unclassified Voice Video systems to an external network.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-400019

Associated with: CCI-002073

VVSP-01-000042_rule The organization must implement and document the boundary routing device (Customer Edge [CE] router) used with the Session Border Controller (SBC) to connect all unclassified Voice Video systems to an external network.

Vulnerability discussion

Organizations must carefully consider the risks that may be introduced when information systems (i.e., system interconnections) are connected to other systems with different security requirements and security controls, both within organizations and external to organizations. Authorizing Officials must determine the risk associated with information system connections and the appropriate controls employed. Risk considerations also include information systems sharing the same networks. Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls, border controllers) mediate communications (i.e., information flows) between unclassified national security systems and external networks. Boundary protection is required for processing, storing, or transmitting all Voice Video media and signaling. For Voice Video, connection of unclassified systems to external systems requires an SBC to protect media and signaling traffic. Between the external network and the SBC, a boundary routing device, typically the CE router, must ensure all Voice Video media and signaling traffic is directed to the SBC.

Check content

Review each Voice Video system security plan (SSP). Confirm the organization implements and documents the boundary routing device (e.g., CE router) used with the SBC to connect all unclassified Voice Video systems to an external network in each SSP. If each Voice Video SSP does not implement and document the CE router for all unclassified connections to an external network, this is a finding.

Fix text

Implement and document the CE router used to connect all unclassified Voice Video systems to an external network. Each unclassified Voice Video system connecting to any external network must contain full documentation of the CE router used as a boundary routing device in each corresponding Voice Video SSP, to include connection approval. The architecture for the CE router must implement the router between the SBC and the external network, directing all Voice Video media and signaling traffic to the SBC.
