Title

The Voice Video Session Manager must control flow outside the enclave based on approved dial plans. (Cat I impact)

Discussion

Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. For voice and video session managers, session flow of information is controlled by dial plans that coordinate connections between endpoints. Dial plans can also reduce connection costs in some cases, relying on routes across the DoDIN rather than over commercial services. Session managers can routes connections to known commercial services and DoD providers. Using DoDIN network paths reduces the risk of an adversary to intercept calls. However, dial plans can be mimicked and therefore are only part of a defense in depth approach.

Check Content

Verify the Voice Video Session Manager controls flow outside the enclave based on approved dial plans. If the Voice Video Session Manager does not control flow outside the enclaves based on approved dial plans, this is a finding.

Fix Text

Configure the Voice Video Session Manager to control flow outside the enclave based on approved dial plans.

Additional Identifiers

Rule ID: SV-206814r508661_rule

Vulnerability ID: V-206814

Group Title: SRG-NET-000019

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.