A denial of service response plan for video conferencing and IP telephony services is developed, implemented and maintained.
Topic
Denial of service response plan
Applicable to
all
History
Priority
recommended
Dec 2022
A denial of service response plan for video conferencing and IP telephony services is developed, implemented and maintained.
Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime.
Dec 2022
A denial of service response plan for video conferencing and IP telephony services is developed, implemented and maintained.
The existing control relating to denial of service response plans for video conferencing and IP telephony, including their contents, was separated into two controls [ISM-1019, ISM-1805].
Dec 2021
A denial of service response plan is developed and implemented for video conferencing and IP telephony services that includes:
• how to identify signs of a denial-of-service attack
• how to identify the source of a denial-of-service attack
• how capabilities can be maintained during a denial-of-service attack
• what actions can be taken to respond to a denial-of-service attack.
Miscellaneous changes were made to rationale and security controls throughout the publication. This included:
• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.
• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.
• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.
• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.
• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.
• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.
2017
Agencies should develop a denial of service response plan that includes:
• how to identify signs of a denial of service
• how to identify the source of a denial of service, either internal or external
• how capabilities can be maintained during a denial of service e.g. personal mobile phones that have been identified for use in case of an emergency
• what actions can be taken to clear a denial of service e.g. banning certain devices/IPs at the call controller and firewalls, implementing quality of service, changing authentication, changing dial-in authentication.
Control Text Changed. No public explanation.
2015
Agencies should develop a denial of service response plan which includes:
• how to identify signs of a denial of service
• how to identify the source of a denial of service, either internal or external
• how capabilities can be maintained during a denial of service e.g. personal mobile phones that have been identified for use in case of an emergency
• what actions can be taken to clear a denial of service e.g. banning certain devices/IPs at the call controller and firewalls, implementing quality of service, changing authentication, changing dial-in authentication.
2010
It is recommended agencies develop a denial of service response plan including:
• how to diagnose the source of the denial of service
• what actions can be taken to clear the denial of service
• how voice capability could be maintained during a denial of service.