From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-400019
Associated with: CCI-002073
Organizations must carefully consider the risks that may be introduced when information systems (i.e., system interconnections) are connected to other systems with different security requirements and security controls, both within organizations and external to organizations. Authorizing Officials determine the risk associated with information system connections and the appropriate controls employed. Risk considerations also include information systems sharing the same networks.
Review each Voice Video system security plan (SSP). Confirm the organization documents and implements the ACLs permitting specific inbound/outbound traffic and denying all other traffic at the bidirectional enclave boundary protection used between the local Voice Video system management network and the DISN voice services management network. The enclave boundary protection device must be implemented at the entry point of the DISN management network to inspect the ACLs on the boundary protection devices to ensure a deny-by-default posture allowing only specifically required protocol traffic between specific pairs of IP addresses across the boundary. The inbound ACL must include: - The ability to permit the specifically authorized and required protocol sourced from the IP address of the specifically authorized device on the DISN management network to reach the specific IP address of the managed device or required local management server; - Additional statements for each protocol and IP address pair; and - Deny all other traffic. The outbound ACL must include: - The ability to permit the specifically authorized and required protocol sourced from the specific IP address of the managed device or any required local management server to reach the specific IP address of the specifically authorized device on the DISN management network; - Additional statements for each protocol and IP address pair; and Deny all other traffic. If the organization does not implement and document the ACLs permitting specific inbound/outbound traffic and denying all other traffic at the bidirectional enclave boundary protection used between the local Voice Video system management network and the DISN Voice Services management network, this is a finding.
Implement and document the ACLs permitting specific inbound/outbound traffic and denying all other traffic at the bidirectional enclave boundary protection used between the local Voice Video system management network and the DISN Voice Services management network. The inbound ACL must include: - The ability to permit the specifically authorized and required protocol sourced from the IP address of the specifically authorized device on the DISN management network to reach the specific IP address of the managed device or required local management server; - Additional statements for each protocol and IP address pair; and - Deny all other traffic. The outbound ACL must include: - The ability to permit the specifically authorized and required protocol sourced from the specific IP address of the managed device or any required local management server to reach the specific IP address of the specifically authorized device on the DISN management network; - Additional statements for each protocol and IP address pair; and - Deny all other traffic.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer