Check: SRG-VOIP-000310

Enterprise Voice, Video, and Messaging Policy SRG: SRG-VOIP-000310 (in versions v1 r3 through v1 r1)

Title
The LAN hardware supporting VVoIP services must provide redundancy to support command and control (C2) assured services and Fire and Emergency Services (FES) communications. (Cat II impact)
Discussion
Voice services in support of high-priority military command and control precedence must meet minimum requirements for reliability and survivability of the supporting infrastructure. Design requirements for networks supporting DOD VVoIP implementations are in the Unified Capabilities Requirements (UCR), which specifies assured services supporting DOD IP-based voice services. The UCR defines LAN design requirements for redundancy of equipment and interconnections, minimum requirements for bandwidth, specifications for backup power, and the maximum number of endpoints tolerable by a single point of failure. Policy sets the minimum requirements for the availability and reliability of VVoIP systems: 99.999 percent for Special-C2 users, 99.997 percent for C2 users, and 99.9 percent for C2 Routine only users (C2R) and non-C2 users. Similar availability and reliability through redundancy is needed to support routine user FES life-safety and security-related communications.
Check Content
If the system does not support a minimum of 96 instruments, this is not applicable.

Review site documentation to confirm the LAN hardware supporting VVoIP services provides redundancy to support C2 assured services and FES communications. Verify the LAN hardware is redundant as follows:

- Dual Power Supplies - Each platform must have a minimum of two power supplies, and the loss of a single power supply will not cause any loss of functions within the chassis.
- Dual Processors (Control Supervisors) - Each chassis must support dual control processors, and failure of any one processor will not cause any loss of functions within the chassis.
- Termination Sparing - Each chassis must support a (N + 1) sparing capability minimally for available Ethernet modules used to terminate to an IP subscriber.
- Protocol Redundancy - Each routing device must support protocols allowing for dynamic rerouting.
- Backplane Redundancy - Each switching platform must support a redundant (1 + 1) switching fabric or backplane, and the second fabric's backplane must be in active standby so that failure of the first does not cause loss of ongoing events within the switch. Alternately, a secondary product may be added to provide redundancy to the primary product when redundant protocols are implemented so the failover to the secondary product does not result in any lost calls.

If the LAN hardware supporting VVoIP services does not provide redundancy to support C2 assured services and FES communications, this is a finding.
Fix Text
Implement and document that the LAN hardware supporting VVoIP services provides redundancy to support C2 assured services and FES communications. Mandatory redundancy includes the following:

- Dual Power Supplies - Each platform must have a minimum of two power supplies, and the loss of a single power supply will not cause any loss of functions within the chassis.
- Dual Processors (Control Supervisors) - Each chassis must support dual control processors, and failure of any one processor will not cause any loss of functions within the chassis.
- Termination Sparing - Each chassis must support a (N + 1) sparing capability minimally for available Ethernet modules used to terminate to an IP subscriber.
- Protocol Redundancy - Each routing device must support protocols allowing for dynamic rerouting.
- Backplane Redundancy - Each switching platform must support a redundant (1 + 1) switching fabric or backplane, and the second fabric's backplane must be in active standby so that failure of the first does not cause loss of ongoing events within the switch. Alternately, a secondary product may be added to provide redundancy to the primary product when redundant protocols are implemented so the failover to the secondary product does not result in any lost calls.

Redundancy may not be required for VVoIP systems supporting less than 96 users, but best practice is to provide redundancy or maintain spares so service can be restored in a timely manner in the event of a failure.
Additional Identifiers
Rule ID: SV-259911r948757_rule
Vulnerability ID: V-259911
Group Title: SRG-VOIP-000310
CCIs

| Number | Definition |
|---|---|
| CCI-001606 | Identify potential accessibility problems to outline explicit mitigation actions. |

Controls

| Number | Title |
|---|---|
| CP-7(2) | Accessibility |