The organizations System Security Plan (SSP) for the Voice Video system must document the connection to the DISN WAN, its components, and any changes.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000155_rule The organizations System Security Plan (SSP) for the Voice Video system must document the connection to the DISN WAN, its components, and any changes.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.When the current Voice Video system configuration cannot be determined, it is difficult to apply security policies effectively. Security is particularly important for VoIP technologies attached to the enclave network because these systems increase the potential for eavesdropping and other unauthorized access to network resources. Accurate network documentation is critical to maintaining the network and understanding its security posture, threats, and vulnerabilities. When subscribing to unclassified or classified DISN Voice Services or connecting to the DISN WAN for Voice Video transport, the enclave must update the SSP documentation. Without connection approval, the site will not be included in the DISN Voice Services dial plan.

Check content

Review each organizational Voice Video SSP. Confirm the Voice Video system documents the connection to the DISN WAN, its components, and any changes. The DISN connections may include DISN Voice Services (classified or unclassified) or DISN transport. Verify the Voice Video system WAN connection and boundary are fully documented in the SSP. If the Voice Video system does not document the connection to the DISN WAN, its components, and any changes, this is a finding.

Fix text

Document in the Voice Video SSP the Voice Video system connection to the DISN WAN, its components, and any changes. The DISN connections may include DISN Voice Services (classified or unclassified) or DISN transport. Ensure the Voice Video system WAN connection and boundary are fully documented in the SSP. Obtain appropriate Authorizing Official approval for the updated documentation.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer