Topic

Video conferencing unit and Internet Protocol phone authentication

Applicable to

Non Classified, Official, Protected, Secret, Top Secret

History

Priority

should

Oct 2019

IP telephony is configured such that: § IP phones authenticate themselves to the call controller upon registration § auto-registration is disabled and only a whitelist of authorised devices is allowed to access the network § unauthorised devices are blocked by default § all unused and prohibited functionality is disabled.

Security control 0552 was merged with security control 0551.

Sep 2019

IP telephony is configured such that: § IP phones authenticate themselves to the call controller upon registration § auto-registration is disabled and only a whitelist of authorised devices is allowed to access the network § unauthorised devices are blocked by default § all unused and prohibited functionality is disabled.

2015

IP telephony should be configured such that:• IP phones authenticate themselves to the call controller upon registration• auto-registration is disabled and only a whitelist of authorised devices are allowed to accessthe network• unauthorised devices are blocked by default• all unused and prohibited functionality is disabled.

2010

Agencies should:••••configure VoIP phones to authenticate themselves to the call controller upon registrationdisable phone auto-registration and only allow a whitelist of authorised devices to access the networkblock unauthorised devices by defaultdisable all unused and prohibited functionality.

2008

Agencies should: a. configure Internet Protocol phones to authenticate themselves to the call controller upon registration b. disable phone auto-registration and only allow a whitelist of authorised devices to access the network c. block unauthorised devices by default d. disable all unused functionality such as speakerphones, universal serial bus ports, management interfaces etc.