An error occurred:

Check: SRG-VOIP-000180

Enterprise Voice, Video, and Messaging Policy SRG: SRG-VOIP-000180 (in versions v1 r2 through v1 r1)

Title

The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be Common Criteria certified. (Cat II impact)

Discussion

Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level commensurate with the target environment for use. The Defense Security/Cybersecurity Authorization Working Group (DSAWG) mandated that the A/B, A/B/C, or A/B/C/D switches used in VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels, where these networks are simultaneously and permanently connected to these networks, must receive NIAP approval in accordance with CNSSP #11. This was primarily due to the potential interconnection of separate networks designated as National Security Systems through the switch. This was a prerequisite to their approval of the multinetwork VTC system architecture. Therefore, the A/B, A/B/C, or A/B/C/D switch must be satisfactorily evaluated and validated in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme.

Check Content

Review the NIAP Product Compliant List (PCL) at https://www.niap-ccevs.org to verify that a certification exists for the A/B, A/B/C, or A/B/C/D switch or review a vendor-provided letter from NIAP or the NIAP test report indicating satisfactory completion of testing and PCL listing. Validation of certification via the NIAP PCL can be more easily facilitated if the vendor has provided the certification number. If the product is not on the list or a NIAP letter or test report is not provided, this is a finding.

Fix Text

Obtain and install an A/B, A/B/C, or A/B/C/D switch that has obtained Common Criteria certification.

Additional Identifiers

Rule ID: SV-259898r948742_rule

Vulnerability ID: V-259898

Group Title: SRG-VOIP-000180

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002204

Defines the security or privacy policy which prohibits the transfer of unsanctioned information between different security domains.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4(15)

Detection of Unsanctioned Information