CMMC Practice SC.3.189: Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Controlling VoIP technologies starts with establishing guidelines and enforcing users’ proper and appropriate usage of VoIP technologies that are described in an organization’s policies. Monitoring should include the users’ activity for anything other than what is permitted and authorized and detection of insecure or unauthorized use of the VoIP technology. Security concerns for VoIP include eavesdropping on calls and using ID spoofing to impersonate trusted individuals.