NIST SP 800-171
Control 3.13.14
Control and Monitor Use of VoIP
CMMC-RP Certified Team
24+ Years Experience
2,500+ Clients Served
Official Requirement
Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
What This Means in Plain English
VoIP phone systems must be secured and monitored. VoIP traffic should be on a separate network segment, encrypted where possible, and monitored for unauthorized use or eavesdropping.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Dedicated voice VLAN isolating VoIP traffic from data networks
- SRTP encryption for VoIP call media where supported
- FortiGate firewall rules controlling traffic between voice and data VLANs
- VoIP system access restricted to authorized administrators
- ComplianceArmor documenting VoIP security architecture and approved configurations
Assessment Guidance
Assessors will verify VoIP network segmentation, check that VoIP traffic is encrypted, test that unauthorized devices cannot join the voice VLAN, and review VoIP system access controls.
Common Implementation Gaps
- VoIP and data traffic on the same VLAN
- No encryption for VoIP calls
- VoIP system with default credentials
- No access controls on VoIP administration
- Softphone applications on workstations without controls
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SC-19 |
Need Help Implementing 3.13.14?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment