NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-19Voice Over Internet Protocol

Technology-specific; addressed as any other technology or protocol.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This control (withdrawn in Rev 5) addressed VoIP security and has been incorporated into other SC family controls. VoIP systems should follow the same boundary protection (SC-7) and transmission security (SC-8) requirements as any other networked system.

Example 1: Place your VoIP phones on a dedicated voice VLAN separated from your data network. Apply QoS policies and firewall rules specific to voice traffic (SC-7).

Example 2: Enable SRTP (Secure Real-time Transport Protocol) for voice call encryption so conversations cannot be intercepted by someone sniffing network traffic (SC-8).

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability