The organization must manage Voice Video system component IP ranges by selecting and assigning IP ranges for Voice Video system components separate from those used by other system devices.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300447

Associated with: CCI-001972 CCI-001973

VVSP-01-000092_rule The organization must manage Voice Video system component IP ranges by selecting and assigning IP ranges for Voice Video system components separate from those used by other system devices.

Vulnerability discussion

Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, device-unique identifiers, and phone numbers. Preventing reuse of identifiers implies preventing the assignment of previously used identifiers to different devices. For Voice Video systems, the importance of preventing reuse must also consider fire and emergency services (FES) requirements for life safety and Command and Control (C2) requirements mandating communications among top-level officials. Location (PS-ALI) and phone number (ANI) databases are often used with VoIP systems to identify the precise location of a Voice Video endpoint. When endpoints are reused, these databases must also be updated. Adversaries can use improperly maintained databases as a way of mobilizing security and emergency personnel to a faux site to weaken responses in another area.

To provide address segregation, best practices dictate that all like components will be placed in like address ranges. Therefore, Voice Video system components (e.g., gatekeepers, session managers, voice mail systems, Voice Video endpoints) must be deployed within their own, separate private IP network, logical sub-network, or networks. The combination of logical data and voice segmentation via addressing and VLANs coupled with a switched and routed infrastructure strongly mitigates call eavesdropping and other attacks. Segregating data from telephony by placing Voice Video servers and endpoints on logically separate IP networks while controlling access to these components through IP filters will help to ensure security and aid in protecting the Voice Video environment.

Check content

Review each Voice Video system security plan (SSP). Ensure the organization manages Voice Video system component IP ranges by selecting and assigning IP ranges and IP addresses for Voice Video system components separate from those used by other system devices. Ensure a dedicated address block is defined for the Voice Video system within the LAN separate from the address blocks used by all other system devices, limiting traffic through access control using firewalls and router Access Control Lists (ACLs).

The Voice Video system components include session managers, session border controller internal and external interfaces, Customer Edge (CE) (premise) router internal interfaces, Voice Video hardware endpoints, and adjunct Unified Capability (UC) systems.

If the LAN supporting the Voice Video system is a closed unclassified LAN, an unclassified LAN connected to an unclassified WAN (e.g., NIPRNet, Internet), a closed classified LAN, or a classified LAN connected to a classified WAN (e.g., SIPRNet), this is applicable. If the LAN supporting the Voice Video system is a classified WAN where network-wide address-based accountability or traceability is required by the network PMO, the PMO must provide segregated, network-wide address blocks for the attached classified LANs to meet this requirement.

If the organization does not designate and assign IP ranges and IP addresses for Voice Video system components that are separate from those used by other system devices, to include the general LAN, data VLANs, and management VLANs, this is a finding.

Fix text

Document in each Voice Video SSP the management of Voice Video system component IP ranges by selecting and assigning IP ranges and IP addresses for Voice Video system components separate from those used by other system devices. Implement Voice Video systems and components on a logically segregated and dedicated Voice Video network. Ensure dedicated address blocks or ranges are defined for the Voice Video system within the LAN separate from the address blocks used by other system devices, to include the general LAN, data VLANs, and management VLANs, thus allowing traffic and access control using firewalls and router ACLs.
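The check content and fix text above both reduce to two questions an auditor can answer from the SSP and a component inventory: does the dedicated Voice Video block overlap any other LAN block, and is every Voice Video component actually addressed inside that block? The following script is an added example (not part of the STIG or any vendor tool); the address blocks and inventory are constructed sample data, with two components deliberately placed on data and management VLANs so that they surface as findings.

```python
import ipaddress

# Hypothetical SSP address plan (constructed sample data): "voice" is the dedicated
# Voice Video block; the others are the non-voice blocks the STIG names.
ADDRESS_BLOCKS = {
    "voice": ["10.20.0.0/16"],
    "general_lan": ["10.10.0.0/16"],
    "data_vlan": ["10.30.0.0/16", "10.31.0.0/16"],
    "mgmt_vlan": ["10.40.0.0/24"],
}

# Constructed inventory: (component, role, assigned IP). Two entries are deliberately wrong.
INVENTORY = [
    ("sm-01", "session manager", "10.20.1.10"),
    ("sbc-01-int", "SBC internal interface", "10.20.1.20"),
    ("sbc-01-ext", "SBC external interface", "203.0.113.5"),  # outside every LAN block
    ("phone-1234", "hardware endpoint", "10.30.5.77"),        # sits on a data VLAN
    ("vm-01", "voice mail system", "10.40.0.9"),              # sits on the management VLAN
]


def overlapping_blocks(blocks=ADDRESS_BLOCKS):
    """Names of non-voice blocks whose CIDRs overlap the voice block.
    Any overlap means the voice range is not genuinely separate."""
    voice = [ipaddress.ip_network(c) for c in blocks["voice"]]
    return sorted({name for name, cidrs in blocks.items() if name != "voice"
                   for c in cidrs if any(v.overlaps(ipaddress.ip_network(c)) for v in voice)})


def misplaced_components(inventory=INVENTORY, blocks=ADDRESS_BLOCKS):
    """(component, ip, block) for each Voice Video component addressed inside a
    non-voice block; the STIG treats each as a finding. Addresses in no documented
    block (e.g. an SBC external interface in a DMZ) are not flagged by this rule."""
    findings = []
    for name, _role, ip in inventory:
        addr = ipaddress.ip_address(ip)
        for block, cidrs in blocks.items():
            if block != "voice" and any(addr in ipaddress.ip_network(c) for c in cidrs):
                findings.append((name, ip, block))
    return findings


if __name__ == "__main__":
    print("blocks overlapping voice:", overlapping_blocks())
    for name, ip, block in misplaced_components():
        print(f"FINDING: {name} ({ip}) is in the {block} block, not the voice block")
```

Feeding the same two functions a real SSP address plan and the switch or DHCP inventory gives a repeatable artifact to attach to the review; the firewall and router ACL half of the check still has to be read from the device configurations.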
