| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
SC-19 |
FedRAMP_High_R4_SC-19 |
FedRAMP High SC-19 |
System And Communications Protection |
Voice Over Internet Protocol |
Shared |
n/a |
The organization:
a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and
b. Authorizes, monitors, and controls the use of VoIP within the information system.
Supplemental Guidance: Related controls: CM-6, SC-7, SC-15.
References: NIST Special Publication 800-58. |
link |
2 |
| FedRAMP_Moderate_R4 |
SC-19 |
FedRAMP_Moderate_R4_SC-19 |
FedRAMP Moderate SC-19 |
System And Communications Protection |
Voice Over Internet Protocol |
Shared |
n/a |
The organization:
a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and
b. Authorizes, monitors, and controls the use of VoIP within the information system.
Supplemental Guidance: Related controls: CM-6, SC-7, SC-15.
References: NIST Special Publication 800-58. |
link |
2 |
| hipaa |
0864.09m2Organizational.12-09.m |
hipaa-0864.09m2Organizational.12-09.m |
0864.09m2Organizational.12-09.m |
08 Network Protection |
0864.09m2Organizational.12-09.m 09.06 Network Security Management |
Shared |
n/a |
Usage restrictions and implementation guidance are formally defined for VoIP, including the authorization and monitoring of the service. |
|
4 |
| NIST_SP_800-171_R2_3 |
.13.14 |
NIST_SP_800-171_R2_3.13.14 |
NIST SP 800-171 R2 3.13.14 |
System and Communications Protection |
Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
VoIP has different requirements, features, functionality, availability, and service limitations when compared with the Plain Old Telephone Service (POTS) (i.e., the standard telephone service). In contrast, other telephone services are based on high-speed, digital communications lines, such as Integrated Services Digital Network (ISDN) and Fiber Distributed Data Interface (FDDI). The main distinctions between POTS and non-POTS services are speed and bandwidth. To address the threats associated with VoIP, usage restrictions and implementation guidelines are based on the potential for the VoIP technology to cause damage to the system if it is used maliciously. Threats to VoIP are similar to those inherent with any Internet-based application. [SP 800-58] provides guidance on Voice Over IP Systems. |
link |
2 |
| NIST_SP_800-53_R4 |
SC-19 |
NIST_SP_800-53_R4_SC-19 |
NIST SP 800-53 Rev. 4 SC-19 |
System And Communications Protection |
Voice Over Internet Protocol |
Shared |
n/a |
The organization:
a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and
b. Authorizes, monitors, and controls the use of VoIP within the information system.
Supplemental Guidance: Related controls: CM-6, SC-7, SC-15.
References: NIST Special Publication 800-58. |
link |
2 |