From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300611
Associated with: CCI-003072
The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.
Review site documentation, network diagrams, and design information to confirm the Voice Video system and LAN design provide segmentation of the Voice Video system core device management traffic and interfaces. Verify the Voice Video system management is segregated or separated from production traffic and other management traffic such that access and traffic flow can be properly controlled. If the Voice Video system and LAN design do not provide segmentation of the Voice Video system core device management traffic and interfaces, this is a finding. NOTE: The Voice Video system management may be implemented as a VLAN or OOB network. This supports separation of duties between the data network and Voice Video network administrators. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway, or firewall.
Implement and document the Voice Video system and LAN design that provides segmentation of the Voice Video system core device management traffic and interfaces. The implementation may be a dedicated OOB network or a VLAN for the Voice Video system management. Ensure Voice Video system management is segregated or separated from production traffic and other management traffic such that access and traffic flow can be properly controlled and role-based access is supported. NOTE: The Voice Video system management may be implemented as a VLAN or OOB network. This supports separation of duties between the data network and Voice Video network administrators. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway, or firewall.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer