From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300611
Associated with: CCI-003072
The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.
Review each Voice Video SSP for a tactical location. Verify the architecture and configuration of a permanent, semi-permanent, or fixed tactical LAN supporting IP-based Voice Video communications is adequate to protect the Voice Video services and infrastructure. Verify the tactical networks are configured as stringently as a strategic LAN supporting Voice Video services. Determine if the tactical LAN is supporting a fixed or generally non-moving base, making it a fixed tactical LAN. If the fixed tactical network supports IP-based Voice Video communications, determine if it is configured per the requirements for a strategic LAN by inspecting network diagrams. If the deployed tactical network is relatively permanent compared to a small highly mobile unit and the LAN is not configured as a strategic LAN for the support of IP-based Voice Video, this is a finding.
NOTE: The factors determining whether a deployed tactical Voice Video system is subject to this requirement are varied. In general, all Voice Video systems should be configured the same way, so that the service and supporting infrastructure are protected. It is recognized that a small system operated out of a transit case in a tent, CONEX box, or a truck is highly mobile as opposed to a fixed installation in a building. While initially such a system can support a few users and remain highly mobile, as the number of users increases, the deployment becomes semi-permanent or fixed (not highly mobile). Initial deployments may include as few as a half-dozen workstations or as many as 50. Once the initial deployment is in place, the network may grow and become relatively permanent, as would be the case for a rear command or logistics center.
Small deployable packages that are designed to be initially deployed with a small footprint supporting or using PC soft-phones, which are then to be the basis of a larger network, must be configured, or be configurable, to support the separate VoIP and data zones as well as hardware-based instruments and admission control for C2 communications as the deployed network and supported systems grow. The network will also include soft-phone protection zones as required in a strategic network if soft-phones are permitted to be used beyond the initial deployment.
Document in each Voice Video SSP the architecture of the fixed tactical LAN. Ensure permanent, semi-permanent, or fixed tactical networks supporting IP-based Voice Video communications are configured per the requirements for a strategic LAN. Configure the fixed tactical LAN in accordance with the requirements for a strategic LAN that supports IP-based Voice Video communications.