Navigate

Check: SRG-VOIP-000600

Enterprise Voice, Video, and Messaging Policy SRG: SRG-VOIP-000600 (in version v1 r3)

Title

A site utilizing a commercial VoIP/SIP provider must use a provider compliant with FCC STIR/SHAKEN protocol rules. (Cat II impact)

Discussion

The STIR/SHAKEN protocol required by recent FCC regulations ensures the authenticity of calling parties over voice communications. This protocol is aimed to reduce robocalls and spoofing. The carrier can digitally sign and verify the authenticity of caller ID information to combat fraudulent calls.

Check Content

Verify the commercial provider is compliant with the FCC STIR/SHAKEN regulations. If the commercial provider is not compliant with FCC STIR/SHAKEN regulations, this is a finding.

Fix Text

Ensure the commercial provider is compliant with FCC STIR/SHAKEN regulations.

Additional Identifiers

Rule ID: SV-274463r1107631_rule

Vulnerability ID: V-274463

Group Title: SRG-VOIP-000600

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001548	Defines the information flow control policies for controlling the flow of information within the system.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-4	Information Flow Enforcement