Enterprise Voice, Video, and Messaging Policy SRG Version Comparison
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
Comparison
There are 2 differences between versions v1 r1 (March 15, 2024) (the "left" version) and v1 r3 (July 2, 2025) (the "right" version).
Check SRG-VOIP-000600 was added to the benchmark in the "right" version.
This check's original form is available here.
Text Differences
Title
A site utilizing a commercial VoIP/SIP provider must use a provider compliant with FCC STIR/SHAKEN protocol rules.
Check Content
Verify the commercial provider is compliant with the FCC STIR/SHAKEN regulations. If the commercial provider is not compliant with FCC STIR/SHAKEN regulations, this is a finding.
Discussion
The STIR/SHAKEN protocol required by recent FCC regulations ensures the authenticity of calling parties over voice communications. This protocol is aimed to reduce robocalls and spoofing. The carrier can digitally sign and verify the authenticity of caller ID information to combat fraudulent calls.
Fix
Ensure the commercial provider is compliant with FCC STIR/SHAKEN regulations.