← Back to Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

V-260028

CAT II (Medium)

The Enterprise Voice, Video, and Messaging Session Manager must be configured to authenticate each Voice Video peer (trunk) before registration.

Rule ID

SV-260028r949045_rule

STIG

Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

Version

V1R2

CCIs

CCI-001958

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices and trunks can access the system. Registration is the process of authorizing endpoints and trunks to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device or peer on the Voice Video network.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager authenticates all Voice Video peers (trunks) before establishing any connection.

If the Enterprise Voice, Video, and Messaging Session Manager does not authenticate all Voice Video peers (trunks) before establishing any connection, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to authenticate all Voice Video peers (trunks) before registration.