NIST SP 800-171 & CMMC 2.0 Control 3.13.14 Requirement:

Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

NIST SP 800-171 & CMMC 2.0 3.13.14 Requirement Explanation:

Voice Over Internet Protocol (VoIP) enables people to use the internet as the transmission pathway for telephone calls. Listening in on VoIP is easier than traditional telephone conversations because you do not need a physical wiretap.

Example NIST SP 800-171 & CMMC 2.0 3.13.14 Implementation:

Create a policy defining the acceptable use of VoIP. This includes who may use it, how they can access VoIP services (e.g., desk phone, softphone, mobile phone app), and what they can discuss over VoIP (e.g., prohibiting the discussion of “Controlled Unclassified Information” (CUI)). Securely configure your VoIP equipment (e.g., VoIP switches). Install the latest security updates for your VoIP equipment. If you use softphones (VoIP app on a PC) make sure that they are updated. If possible, encrypt VoIP communications. If you use cloud-based VoIP services, review the security settings and set them to be the most restrictive. Regularly review your VoIP logs and phone number assignment to ensure that only authorized persons are using your VoIP systems.

NIST SP 800-171 & CMMC 2.0 3.13.14 Scenario(s):

- Scenario 1:

Your company has an on-premise VoIP infrastructure. Your system admin makes sure to securely configure the VoIP equipment in accordance with DISA STIGs. You have a VoIP policy restricting the use of VoIP to authorized personnel.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.