Title

The dual homed DISN core access circuits must be implemented so that each one can support the full bandwidth engineered for the enclave plus additional bandwidth to support surge conditions in time of crisis. (Cat II impact)

Discussion

Providing dual-homed access circuits from a command and control (C2) enclave to the DISN core is useless unless both circuits provide the same capacity to include enough overhead to support surge conditions. If one circuit is lost due to equipment failure or facility damage, the other circuit must be able to carry the entire engineered load for a single circuit servicing the site. Additionally, the engineered capacity must take additional bandwidth into account to support higher levels of both data and VVoIP communications in time of crisis.

Check Content

Inspect the documentation for the access circuits and the bandwidth engineering study to determine compliance with the requirement. If each circuit cannot handle the entire engineered load for the enclave, including surge capacity, this is a finding.

Fix Text

Ensure a bandwidth engineering study is performed to determine the WAN bandwidth needs for the site, including surge capacity. Ensure each redundant DISN Core access circuit has the same capacity so that one is able to support the entire engineered bandwidth needs of the enclave.

Additional Identifiers

Rule ID: SV-259916r948762_rule

Vulnerability ID: V-259916

Group Title: SRG-VOIP-000360

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.