last sync: 2024-Mar-01 17:50:27 UTC

Establish voip usage restrictions | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Establish voip usage restrictions
Id 68a39c2b-0f17-69ee-37a3-aa10f9853a08
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_0280 - Establish voip usage restrictions
Additional metadata Name/Id: CMA_0280 / CMA_0280
Category: Documentation
Title: Establish voip usage restrictions
Ownership: Customer
Description: Microsoft recommends that your organization establish usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies that may have the potential to cause damage to the information system if used maliciously. Your organization should consider creating and maintaining System and Communications Protection policies and standard operating procedures that establish usage restrictions and implementation guidance for VoIP technologies used by your organization.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Establish voip usage restrictions' (68a39c2b-0f17-69ee-37a3-aa10f9853a08)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SC-19 FedRAMP_High_R4_SC-19 FedRAMP High SC-19 System And Communications Protection Voice Over Internet Protocol Shared n/a The organization: a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and b. Authorizes, monitors, and controls the use of VoIP within the information system. Supplemental Guidance: Related controls: CM-6, SC-7, SC-15. References: NIST Special Publication 800-58. link 2
FedRAMP_Moderate_R4 SC-19 FedRAMP_Moderate_R4_SC-19 FedRAMP Moderate SC-19 System And Communications Protection Voice Over Internet Protocol Shared n/a The organization: a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and b. Authorizes, monitors, and controls the use of VoIP within the information system. Supplemental Guidance: Related controls: CM-6, SC-7, SC-15. References: NIST Special Publication 800-58. link 2
hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 08 Network Protection 0864.09m2Organizational.12-09.m 09.06 Network Security Management Shared n/a Usage restrictions and implementation guidance are formally defined for VoIP, including the authorization and monitoring of the service. 4
NIST_SP_800-171_R2_3 .13.14 NIST_SP_800-171_R2_3.13.14 NIST SP 800-171 R2 3.13.14 System and Communications Protection Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. Shared Microsoft and the customer share responsibilities for implementing this requirement. VoIP has different requirements, features, functionality, availability, and service limitations when compared with the Plain Old Telephone Service (POTS) (i.e., the standard telephone service). In contrast, other telephone services are based on high-speed, digital communications lines, such as Integrated Services Digital Network (ISDN) and Fiber Distributed Data Interface (FDDI). The main distinctions between POTS and non-POTS services are speed and bandwidth. To address the threats associated with VoIP, usage restrictions and implementation guidelines are based on the potential for the VoIP technology to cause damage to the system if it is used maliciously. Threats to VoIP are similar to those inherent with any Internet-based application. [SP 800-58] provides guidance on Voice Over IP Systems. link 2
NIST_SP_800-53_R4 SC-19 NIST_SP_800-53_R4_SC-19 NIST SP 800-53 Rev. 4 SC-19 System And Communications Protection Voice Over Internet Protocol Shared n/a The organization: a. Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and b. Authorizes, monitors, and controls the use of VoIP within the information system. Supplemental Guidance: Related controls: CM-6, SC-7, SC-15. References: NIST Special Publication 800-58. link 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 68a39c2b-0f17-69ee-37a3-aa10f9853a08
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC