Title

The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be TEMPEST certified. (Cat III impact)

Discussion

Committee on National Security Systems Advisory Memorandum (CNSSAM) TEMPEST/01-13, RED/BLACK Installation Guidance, provides criteria for the installation of electronic equipment, cabling, and facility support for the processing of secure information. National policy requires that systems and facilities processing NSI must be reviewed by a Certified TEMPEST Technical Authority (CTTA) to achieve TEMPEST security. The RED/BLACK guidance contained in TEMPEST/01-13 will be considered by the CTTA along with other measures (e.g., TEMPEST Zoning, TEMPEST-suppressed equipment and shielding) to determine the most cost-effective countermeasures to achieve TEMPEST security. Only those RED/BLACK criteria specifically identified by the CTTA will be implemented.

Check Content

Review the documentation to determine if the A/B, A/B/C, or A/B/C/D switch is TEMPEST certified. Review TEMPEST certification documentation provided by a CTTA or the vendor to determine if the switch is TEMPEST certified. If the A/B, A/B/C, or A/B/C/D switch is not on the list, or satisfactory documentation is not provided, this is a finding.

Fix Text

Obtain and install a TEMPEST-certified A/B, A/B/C, or A/B/C/D switch.

Additional Identifiers

Rule ID: SV-259899r948743_rule

Vulnerability ID: V-259899

Group Title: SRG-VOIP-000190

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.