← Back to Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

V-259893

CAT I (High)

An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network.

Rule ID

SV-259893r1173864_rule

STIG

Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

Version

V1R4

CCIs

CCI-002212, CCI-000366

Discussion

Connecting to networks of different classifications simultaneously incurs the risk of data from a higher classification being released to a network of a lower classification, referred to as a "spill". It is imperative that networks of differing classification levels or with differing handling caveats not be interconnected at any time. Separation in a multinetwork VTC system is maintained by the use of an A/B, A/B/C, or A/B/C/D switch that meets requirements for channel isolation or by manual connection of the CODEC to one network at a time.

Check Content

Review the VTC system architecture to verify that an approved A/B, A/B/C, or A/B/C/D switch is present and properly cabled. 

Alternately, validate that the VTC CODEC is manually connected to one network at a time through the use of a single patch cord. 

If neither is in place, this is a finding.

Fix Text

Obtain and install an approved A/B, A/B/C, or A/B/C/D switch. 

Alternately, manually connect the VTC CODEC to one network at a time through the use of a single patch cord.