The architecture of the LAN supporting the Voice Video system must provide enhanced reliability, availability, and bandwidth.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000142_rule The architecture of the LAN supporting the Voice Video system must provide enhanced reliability, availability, and bandwidth.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.

In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.

The traditional circuit-switched telecommunications network is highly available and reliable, with 99.999 percent uptime for equipment and 99 percent to 99.9 percent for the entire system. This is achieved through a series of measures such as redundant hardware and network connectivity and backup power for the central switching equipment, which also provides power for the subscriber instruments. The DoD circuit-switched telecommunications network supports routine communications, emergency communications, and high-priority military Command and Control precedence. As these services migrate from circuit-switched technologies to IP-based technologies, this reliability and support must migrate with the service. Similar measures enhance the reliability and availability of Voice Video services on an IP network.

Check content

If the system does not support a minimum of 96 instruments, this requirement is not applicable.

Review site documentation, network diagrams, and design information to confirm the LAN supporting Voice Video services provides enhanced reliability, availability, and bandwidth. Specific attention should be given in the areas of:

- Bandwidth and traffic engineering (25 percent voice, 25 percent video, 50 percent data);
- No single point of failure affecting service to more than 96 instruments;
- Equipment reliability;
- Equipment redundancy above the access layer;
- Equipment robustness and bandwidth capability;
- Connection redundancy above the access layer;
- Connection bandwidth capability;
- Access layer switch size (number of phones served); and
- Backup power for all equipment.

If the LAN supporting Voice Video services does not provide enhanced reliability, availability, and bandwidth or is deficient in these areas, this is a finding.

This check is not intended to initiate an in-depth analysis of the network design. If the LAN is not properly designed, this should be easily discerned because many of the criteria will not be met unless the LAN was already designed for high reliability and availability before adding Voice Video services.

Fix text

Implement and document the architecture of the LAN supporting the Voice Video system to provide enhanced reliability, availability, and bandwidth. Voice bandwidth engineering is based on 102 kbps (each direction) for each IP call for IPv4 and 110.0 kbps for IPv6. Video bandwidth engineering is not simple because, when present, a single video stream can use 160 kbps to 7.5 Mbps in addition to any audio stream.
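As an added illustration (not part of the STIG or any official tooling), the Python sketch below applies two of the criteria above to a documented topology: it flags any single device whose failure would cut more than 96 instruments off from the core, and it sizes concurrent calls against the voice share of a link. The topology, the device names, the "core" root node, and the reading of the 25 percent figure as a share of link capacity are assumptions; link failures are not modeled.

```python
from collections import deque

MAX_INSTRUMENTS = 96                          # threshold from the check content
VOICE_KBPS = {"ipv4": 102.0, "ipv6": 110.0}   # per call, each direction (fix text)
VOICE_SHARE = 0.25                            # voice portion, assumed per link

# Constructed sample: acc1/acc2 are dual-homed, acc3..acc5 hang off dist3 only.
SAMPLE_LINKS = [("core", "dist1"), ("core", "dist2"), ("core", "dist3"),
                ("dist1", "acc1"), ("dist2", "acc1"),
                ("dist1", "acc2"), ("dist2", "acc2"),
                ("dist3", "acc3"), ("dist3", "acc4"), ("dist3", "acc5")]
SAMPLE_PHONES = {"acc1": 48, "acc2": 48, "acc3": 48, "acc4": 48, "acc5": 24}

def reachable(links, root, removed=None):
    """Return the nodes reachable from root when one device is removed."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {root}, deque([root])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def single_points_of_failure(links, phones, root):
    """Map device -> instruments lost if it alone fails, when that exceeds 96."""
    nodes = {n for link in links for n in link}
    findings = {}
    for node in sorted(nodes - {root}):
        alive = reachable(links, root, removed=node)
        # Phones on the failed switch itself count as lost too.
        lost = sum(n for sw, n in phones.items() if sw not in alive)
        if lost > MAX_INSTRUMENTS:
            findings[node] = lost
    return findings

def max_voice_calls(link_kbps, ip_version="ipv4"):
    """Concurrent calls that fit in the voice share of one link direction."""
    return int(link_kbps * VOICE_SHARE // VOICE_KBPS[ip_version])

if __name__ == "__main__":
    print(single_points_of_failure(SAMPLE_LINKS, SAMPLE_PHONES, "core"))
    print(max_voice_calls(1_000_000, "ipv4"), max_voice_calls(1_000_000, "ipv6"))
```

In the constructed topology, the single-homed distribution switch is the only device reported, because its failure isolates 120 instruments.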
