← Controls / SC

SC-19 Voice Over Internet Protocol

System and Communications Protection

Low Moderate High

Description

The organization: (i) establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously; and (ii) authorizes, monitors, and controls the use of VoIP within the information system.

Supplemental Guidance

NIST Special Publication 800-58 provides guidance on security considerations for VoIP technologies employed in information systems.

Changes from Rev 4

Technology-specific; addressed as any other technology or protocol

Enhancements

(0) None.

Compliance Mappings

FINMA Circular 2023/1

IV.C(62)IV.C(63)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(a)

ISO 17799 (legacy)

None.

COBIT 4.1 (legacy)

None.