STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

V-259936

CAT II (Medium)

The Session Border Controller (SBC) must be configured to notify system administrators and the information system security officer (ISSO) when attempts to cause a denial of service (DoS) or other suspicious events are detected.

Rule ID

SV-259936r948782_rule

STIG

Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

Version

V1R4

CCIs

CCI-001548

Discussion

Action cannot be taken to thwart an attempted DOS or compromise if the system administrators responsible for the operation of the SBC and/or the network defense operators are not alerted to the occurrence in real time.

Check Content

Verify the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur:
- Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC.
- Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS.
- Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or effect a man-in-the-middle attack. 

If the SBC does not notify system administrators and the ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.

Fix Text

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur:
- Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC.
- Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS.
- Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.