An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels must be implemented in such a way that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-259897	SRG-VOIP-000170	SRG-VOIP-000170	SV-259897r956911_rule	2024-03-12	1

Description
Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session.

Description

Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network having a lower classification level. Ideally, the CODEC will be disconnected from any network while it is being reconfigured. However, the requirement can be met by using a procedure that purges the configuration for the currently connected network, power cycling the CODEC as required (for a minimum of 60 seconds per SRG-VOIP-000140) as the CODEC is switched to the next network, and then reconfiguring the CODEC for the next session.

ℹ️ Check
Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following: - The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured. - The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network. Alternately, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured. If none of these procedures is being followed, this is a finding.

ℹ️ Check

Review the VTC system architecture documentation and observe system operation while transitioning between networks to verify one of the following: - The CODEC is switched to a disconnected/unused switch position while it is being purged/reconfigured. - The CODEC is purged while connected to one network, power cycled as it is switched to the next network, and then reconfigured for that network. Alternately, if a manual switching procedure is used, verify the CODEC is physically disconnected from any network while being reconfigured. If none of these procedures is being followed, this is a finding.

✔️ Fix
Do one of the following: - Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another. - Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network. - If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network.

✔️ Fix

Do one of the following: - Architect, implement, and configure the system so the A/B, A/B/C, or A/B/C/D switch connects the CODEC to an unused switch position while it is being reconfigured during transition from one network to another. - Architect, implement, and configure the system so the CODEC configuration is purged before it is switched to the next network, the CODEC is power cycled for the required time period as the A/B, A/B/C, or A/B/C/D switch connects the CODEC to the next network, and then the CODEC is reconfigured for that network. - If a manual switching procedure is used, physically disconnect the CODEC from any network while it is reconfigured for the next network.