Title

An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences must utilize an approved pair of EIA-530 A/B switches operated in tandem or a dual A/B switch to switch the Type 1 encryptor in/out of the circuit between the CODEC and IMUX. (Cat II impact)

Discussion

ISDN-based VTC systems supporting secure (classified) and non-secure (unclassified) conferences operate in an unclassified manner while connecting a call. If the call is to be classified or “secure” at any level, the Type 1 encryptor is switched into the circuit between the CODEC and IMUX, then synced with the other end before the conference discussions can “go secure”. This is typically performed using approved A/B switches on both sides of the encryptor operated in tandem. The use of the word “tandem” here does not refer to public switched telephone network (PSTN) tandem switches. This refers to a pair of A/B switches that are operated at the same time.

Check Content

Review the documentation to determine whether approved A/B switches are in place. DISN Video Services (DVS) maintains a list of A/B switches and dial isolators that have been TEMPEST certified to meet the above requirements at http://disa.mil/Services/Network-Services/Video/~/media/Files/DISA/Services/DVS/red_black_peripherals.xls. If A/B switches operated in tandem or a dual A/B switch is not implemented and used, or the A/B switches are not on the list, this is a finding.

Fix Text

Obtain and install approved EIA-530 A/B switches.

Additional Identifiers

Rule ID: SV-55770r1_rule

Vulnerability ID: V-43041

Group Title: RTS-VTC 7360 [ISDN]

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.