Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

Voice Over Internet Protocol (VoIP) enables people to use the internet as the transmission pathway for telephone calls. Listening in on VoIP is easier than traditional telephone conversations because you do not need a physical wiretap.

Create a policy defining the acceptable use of VoIP. This includes who may use it, how they can access VoIP services (e.g., desk phone, softphone, mobile phone app), and what they can discuss over VoIP (e.g., prohibiting the discussion of “Controlled Unclassified Information” (CUI)). Securely configure your VoIP equipment (e.g., VoIP switches). Install the latest security updates for your VoIP equipment. If you use softphones (VoIP app on a PC) make sure that they are updated. If possible, encrypt VoIP communications. If you use cloud-based VoIP services, review the security settings and set them to be the most restrictive. Regularly review your VoIP logs and phone number assignment to ensure that only authorized persons are using your VoIP systems.