The organization must design its Voice Video security architecture using a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300619

Associated with: CCI-003081

VVSP-01-000182_rule The organization must design its Voice Video security architecture using a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.Voice Video systems developed and fielded at sites must be compatible and comparable to all DoD implementations. Because unclassified Voice Video systems are used broadly, including within facilities where classified information is handled and discussed, a number of technical, policy, and architectural considerations must be addressed. At the organizational level, call plans and routing details must be documented, disseminated, and implemented at all levels. All unclassified Voice Video communication must be treated as Controlled Unclassified Information (CUI) at a minimum. Steps must be taken to prevent incidental discussions or overhearing (and overseeing in some cases) of Voice Video conversations. By addressing possible sources and methods for exfiltration or spillage from Voice Video systems in architecture, fewer risks are exposed. Consideration of location, especially tactical operations OCONUS, are an essential factor.

Check content

Review each organizational Voice Video SSP. Confirm the design of its Voice Video security architecture uses a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations. If the organizational Voice Video security architecture does not use a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations, this is a finding.

Fix text

Document in the Voice Video SSP the planned Voice Video security architecture. Design security architecture to use a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer