
V-259897

CAT II (Medium)

An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.

Rule ID

SV-259897r1173868_rule

STIG

Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

Version

V1R4

CCIs

CCI-002204, CCI-000366

Discussion

Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session.

Check Content

Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following:

- The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured.
- The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network. 

Alternatively, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured.

If none of these procedures is being followed, this is a finding.

Fix Text

Do one of the following:

- Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another.
- Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network.
- If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network.