Check: RTS-VTC 4520.00
Video Services Policy STIG:
RTS-VTC 4520.00
(in versions v1 r12 through v1 r8)
Title
VTC ports and protocols cross DoD/Enclave boundaries without prior registration in the DoD Ports and Protocols Database. (Cat II impact)
Discussion
A portion of the DoDI 8550.1 PPS policy requires registration of those PPS that cross any of the boundaries defined by the policy that are “visible to DoD-managed components”. The following PPS registration requirement applies to VTC traffic that crosses the IP-based enclave boundary to the DISN WAN or another enclave.
Check Content
[IP]; Interview the IAO and validate compliance with the following requirement: Ensure all protocols and services that cross the enclave boundary and/or any of the defined DoD boundaries (along with their associated IP ports) used by VTC systems for which he/she is responsible are registered in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.
Review network diagrams and device documentation to identify what VTC/VTU/MCU Ports/Protocols/Services are used by the VTC system. Once these Ports/Protocols/Services have been determined and confirmed for use, verify that these same Ports/Protocols/Services are registered and approved for use in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.
Note: Reference tables are provided in the STIG.
Fix Text
[IP]; Perform the following tasks:
- Determine what Ports/Protocols/Services are used by the VTC system within the enclave and which cross the enclave boundary, as well as what other boundaries they traverse.
- Register all Ports/Protocols/Services that are used by the VTC system in the PPS database.
Additional Identifiers
Rule ID: SV-18892r1_rule
Vulnerability ID: V-17718
Group Title: RTS-VTC 4520.00 [IP]
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |