Back

Establish, implement, and maintain Voice over Internet Protocol design specification.


CONTROL ID
01449
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Identify and control all network access controls., CC ID: 00529

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A firewall should be installed between the organization's network and the Voice over Internet Protocol (VoIP) gateway and should be configured to only allow VoIP traffic. A VoIP network should not run on the same cables that a data network of a different classification is running on. All security me… (§ 3.8.72, § 3.8.73, § 3.8.77, § 3.8.85, Australian Government ICT Security Manual (ACSI 33))
  • There should be documented standards / procedures for Voice over Internet Protocol applications and underlying technical infrastructure, which includes general network controls for Voice over Internet Protocol (e.g., implementing monitoring tools, providing resilience and redundancy, implementing fi… (CF.09.07.02a, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for Voice over Internet Protocol applications and underlying technical infrastructure, which includes voice over Internet protocol-specific controls (e.g., separating voice traffic from general network traffic, hardening Voice over Internet Protocol … (CF.09.07.02b, The Standard of Good Practice for Information Security)
  • General network security controls for Voice over Internet Protocol should be applied, which includes monitoring bandwidth using tools that are capable of recognizing Voice over Internet Protocol traffic. (CF.09.07.03a, The Standard of Good Practice for Information Security)
  • General network security controls for Voice over Internet Protocol should be applied, which includes deploying network components to provide resilience and redundancy. (CF.09.07.03b, The Standard of Good Practice for Information Security)
  • General network security controls for Voice over Internet Protocol should be applied, which includes restricting access to Voice over Internet Protocol networks to authorized devices. (CF.09.07.03d, The Standard of Good Practice for Information Security)
  • Voice over Internet Protocol-specific controls should be applied, which includes separating voice traffic using virtual local area networks. (CF.09.07.04a, The Standard of Good Practice for Information Security)
  • Voice over Internet Protocol-specific controls should be applied, which includes hardening Voice over Internet Protocol devices (e.g., Internet Protocol phones, routers, and Internet Protocol public branch exchanges). (CF.09.07.04b, The Standard of Good Practice for Information Security)
  • Voice over Internet protocol-specific controls should be applied, which includes encrypting sensitive Voice over Internet Protocol traffic. (CF.09.07.04d, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for Voice over Internet Protocol applications and underlying technical infrastructure, which includes general network controls for Voice over Internet Protocol (e.g., implementing monitoring tools, providing resilience and redundancy, implementing fi… (CF.09.07.02a, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for Voice over Internet Protocol applications and underlying technical infrastructure, which includes voice over Internet protocol-specific controls (e.g., separating voice traffic from general network traffic, hardening Voice over Internet Protocol … (CF.09.07.02b, The Standard of Good Practice for Information Security, 2013)
  • The organization must control, monitor, and authorize the use of Voice over Internet Protocol. (App F § SC-19.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The use of Voice over Internet Protocol technologies on the Industrial Control System is determined after careful consideration and verification that it does not adversely impact the operational performance. (App I § SC-19, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)