Title

An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds. (Cat II impact)

Discussion

Volatile memory requires power to maintain the stored information. It retains its contents while powered, but when power is interrupted, stored data is immediately lost. Dynamic random-access memory (DRAM) is a type of random-access memory that stores each bit of data in a separate capacitor within an integrated circuit. Because capacitors leak charge, data fades unless the capacitor charge is refreshed periodically. Static random-access memory (SRAM) has a different configuration from DRAM, which allows it to retain data longer when power is no longer applied (data remanence). Powering off the CODEC for 60 seconds is sufficient to discharge the capacitors and erase all data.

Check Content

Observe the operation of the VTC system as it transitions between networks. Verify that the CODEC is powered off for a minimum of 60 seconds during the transition. If it is not, this is a finding.

Fix Text

Sanitize volatile memory by disconnection of all power for at least 60 seconds.

Additional Identifiers

Rule ID: SV-259894r948738_rule

Vulnerability ID: V-259894

Group Title: SRG-VOIP-000140

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.