Title

The A/B, A/B/C, or A/B/C/D switch within an IP-based VTC system supporting conferences on multiple networks having different classification levels must be based on optical technologies to maintain electrical isolation between the various networks to which it connects. (Cat II impact)

Discussion

The A/B, A/B/C, or A/B/C/D switch is physically connected to multiple networks having different classification levels. Copper-based switches provide minimal or no electrical isolation due to capacitance between the wires in the switch box and the switch contacts. This can permit information on one network to bleed or leak over to the other network, which can lead to the disclosure of classified information on a classified network to a network of lower classification. This must be prevented. Optical fiber is an insulator, thus it carries no electrical current and generates no electromagnetic field, eliminating the capacitance issue. As such, it provides excellent electrical isolation between the networks to which it connects.

Check Content

Review A/B, A/B/C, or A/B/C/D switch vendor documentation to determine if optical technologies are used to maintain electrical isolation between the input port/connection and between all selectable output ports/connections. If this is not the case, this is a finding. Validate approved equipment is being used. DISN Video Services (DVS) maintains a list of A/B, A/B/C, or A/B/C/D switches that have been certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls. If the A/B, A/B/C, or A/B/C/D switch is not on the list, this is a finding.

Fix Text

Obtain and install an approved A/B, A/B/C, or A/B/C/D switch.

Additional Identifiers

Rule ID: SV-55749r1_rule

Vulnerability ID: V-43020

Group Title: RTS-VTC 7100 [IP]

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.