NIST 800-171 • LEVEL 2 • SYSTEM AND COMMUNICATIONS PROTECTION

3.13.14 Control and Monitor the Use of Voice over Internet Protocol (VoIP) Technologies

Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

CMMC Practice Mapping

NIST 800-53 Controls

Assessment Objectives

Assessment objectives not available for this requirement.

Practitioner Notes

VoIP systems -- like Microsoft Teams calling, Cisco phone systems, or SIP-based solutions -- carry voice traffic over your data network. That means they are subject to the same threats as any other network service: eavesdropping, denial of service, and unauthorized access.

Example 1: Segment your VoIP traffic onto a dedicated VLAN (e.g., VLAN 50) with QoS policies that prioritize voice traffic. On your managed switch, configure the voice VLAN and apply ACLs that prevent data VLAN devices from accessing the voice VLAN directly. This limits the attack surface and prevents casual network sniffing of voice traffic.
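One way to check that the ACL from Example 1 actually blocks data-to-voice traffic is to replay sample flows against it with first-match semantics. This is an added example, not part of the original page. The Cisco-style `permit|deny ip` rule syntax, the subnets (data 10.10.10.0/24, voice VLAN 50 as 10.10.50.0/24) and the host addresses are assumptions constructed for illustration.

```python
from ipaddress import IPv4Address

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(head)), int(IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines in the order the device evaluates them."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append((action, _take_addr(tokens), _take_addr(tokens), line.strip()))
    return rules

def _hit(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return (int(IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def first_match(rules, src_ip, dst_ip):
    """Return (action, rule text) of the first rule that matches, as the switch would."""
    for action, src, dst, line in rules:
        if _hit(src, src_ip) and _hit(dst, dst_ip):
            return action, line
    return "deny", "(implicit deny)"

def leaks(rules, data_hosts, voice_hosts):
    """List every data-to-voice pair the ACL permits, with the rule that let it through."""
    return [(s, d, first_match(rules, s, d)[1]) for s in data_hosts
            for d in voice_hosts if first_match(rules, s, d)[0] == "permit"]

# Constructed sample data (assumed addressing, not from the page).
DATA_HOSTS = ["10.10.10.25", "10.10.10.200"]
VOICE_HOSTS = ["10.10.50.10", "10.10.50.11"]
WEAK_ACL = """permit ip any any
deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255"""  # deny is shadowed by line 1
FIXED_ACL = """deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
permit ip any any"""

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("fixed", FIXED_ACL)):
        print(name, leaks(parse_acl(acl), DATA_HOSTS, VOICE_HOSTS))
```

The weak ordering shows the common failure mode: the deny rule is present but never evaluated because a broader permit matches first.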

Example 2: If using Microsoft Teams for voice, enable end-to-end encryption for 1:1 Teams calls in the Teams admin center > Enhanced encryption policies. Also review and restrict who can make PSTN calls by configuring calling policies under Voice > Calling policies -- assign policies that limit external dialing to only the users who need it.