The organizations System Security Plan (SSP) for the Voice Video system must document the subscription to or integration with the DISN Voice Service at the appropriate classification level.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000156_rule The organizations System Security Plan (SSP) for the Voice Video system must document the subscription to or integration with the DISN Voice Service at the appropriate classification level.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.DISN Voice Service provides highly available and reliable communications voice and video service on a worldwide scale, supporting mission-critical decision-making users through the DISN Voice Precedence service. Voice Video communications are not always interoperable between different vendors' systems or the various VoIP services available. Some calls in the DISN Voice Precedence service must be completed at the expense of lower-priority or routine calls. DISA has worked to overcome these issues by working with the many vendors that provide telecommunications equipment to the DoD to develop a highly available, reliable, and interoperable IP-based assured service Voice Video communications network to meet these needs. DoD policy dictates that DISN services be used as the first choice for DoD components to fulfill their long-haul and dialup communications needs.

Check content

Review each organizational Voice Video SSP. Confirm the Voice Video system must document the subscription to or integration with the DISN Voice Service at the appropriate classification level. When the Voice Video system within the enclave connects to the DISN WAN for transport between enclaves and the system provides assured service communications between enclaves to any level of DISN Voice Precedence user, the system must integrate with the DISN Voice Service on the appropriately classified DISN IP WAN service (i.e., DISN Voice Services over NIPRNet, VoSIP over SIPRNet, etc.). An exception is granted for enclave that is part of an intranet if the intranet as a whole is subscribed to the appropriate DISN Voice Service. An exception is also granted for private Voice Video communication systems implemented for a small community of interest to fulfill a validated mission requirement. In this case, the system is essentially an intercom even though it might span enclave boundaries and the DISN. If the Voice Video system SSP does not document the subscription to or integration with the DISN Voice Service at the appropriate classification level, this is a finding. If the Voice Video system within the enclave is integrated with a service-level intranet or implemented as a private communications system for a small community of interest to fulfill a validated mission requirement, this is not a finding.

Fix text

Document in the Voice Video SSP the Voice Video system subscription to or integration with the DISN Voice Service at the appropriate classification level.

Pro Tips

Powered by sagemincer