STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 5 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-4 — Information Flow Enforcement

CCI-001548

Definition

Defines the information flow control policies for controlling the flow of information within the system.

Parent Control

AC-4Information Flow EnforcementAccess Control

Linked STIG Checks (20)

V-259909CAT IIA Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259910CAT IIThe local Enterprise Voice, Video, and Messaging system must have the capability to place intrasite and local phone calls when network connectivity is severed from the remote centrally located session controller.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259915CAT IIThe enclave must be dual homed to two geographically diverse DISN SDNs and DISN WAN Service (NIPRNet or SIPRNet) Aggregation Routers (AR) or DISN Provider Edge (PE) routers.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259916CAT IIThe dual homed DISN core access circuits must be implemented so that each one can support the full bandwidth engineered for the enclave plus additional bandwidth to support surge conditions in time of crisis.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259917CAT IIThe required dual homed DISN Core or NIPRNet access circuits must follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259924CAT IIEight hours of backup power must be provided for LAN Infrastructure, WAN boundary, VVoIP infrastructure, and VVoIP endpoints to support Special-C2 users.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259927CAT IIThe Session Border Controller (SBC) must filter inbound SIP and AS-SIP traffic based on the IP addresses of the internal Enterprise Session Controller (ESC), Local Session Controller (LSC), or Multifunction Soft Switch (MFSS).Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259928CAT IIThe Session Border Controller (SBC) must be configured to terminate and decrypt inbound and outbound SIP and AS-SIP sessions to ensure proper management for the transition of the SRTP/SRTCP streams.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259929CAT IIThe Session Border Controller (SBC) must be configured to only process packets authenticated from an authorized source within the DISN IPVS network.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259930CAT IIThe Session Border Controller (SBC) must be configured to only process signaling packets whose integrity is validated.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259931CAT IIIThe Session Border Controller (SBC) must be configured to validate the structure and validity of SIP and AS-SIP messages so that malformed messages or messages containing errors are dropped before action is taken on the contents.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259932CAT IIThe Session Border Controller (SBC) must drop all SIP and AS-SIP packets except those secured with TLS.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259933CAT IIThe Session Border Controller (SBC) must be configured to manage IP port pinholes for the SRTP/SRTCP bearer streams based on the information in the SIP and AS-SIP messages.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259934CAT IThe Session Border Controller (SBC) (or similar firewall type device) must perform stateful inspection and packet authentication for all VVoIP traffic (inbound and outbound) and deny all other packets.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259935CAT IThe Session Border Controller (SBC) (or similar firewall type device) must deny all packets traversing the enclave boundary (inbound or outbound) through the IP port pinholes opened for VVoIP sessions, except RTP/RTCP, SRTP/SRTCP, or other protocol/flow established by signaling messages.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259936CAT IIThe Session Border Controller (SBC) must be configured to notify system administrators and the information system security officer (ISSO) when attempts to cause a denial of service (DoS) or other suspicious events are detected.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259937CAT IIThe Enterprise Voice, Video, and Messaging system connecting with a DISN IPVS must be configured to signal with a backup Multifunction Soft Switch (MFSS) (or SS) if the primary cannot be reached.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259938CAT IIThe Multifunction Soft Switch (MFSS) must be configured to synchronize with at minimum a paired MFSS and/or others so that each may serve as a backup for the other when signaling with its assigned Local Session Controller (LSC), thus improving the reliability and survivability of the DISN IPVS network.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-259939CAT IIA MAC Authentication Bypass policy must be implemented for 802.1x unsupported devices that connect to the Enterprise Voice, Video, and Messaging system.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide V-274463CAT IIA site utilizing a commercial VoIP/SIP provider must use a provider compliant with FCC STIR/SHAKEN protocol rules.Enterprise Voice, Video, and Messaging Policy Security Requirements Guide