Title

Links within the SS7 network are not encrypted. (Cat II impact)

Discussion

Requirement: The IAO will ensure that all SS7 links leaving a base/post/camp/station are encrypted. The examination of traffic patterns and statistics can reveal compromising information. Such information may include call source, destination, duration, frequency, and precedence level. The DSN common channel signaling links contain this type of information and must be protected.

Check Content

Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text

Ensure all SS7 links are, at a minimum, bulk encrypted before leaving the facility or installation.

Additional Identifiers

Rule ID: SV-8436r1_rule

Vulnerability ID: V-7950

Group Title: Links within the SS7 network are not encrypted.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.