What is NIST 800-171 Control 3.13.20?
This control ensures that VoIP systems (e.g., Zoom, Microsoft Teams, IP desk phones, softphones) are:
• Properly configured
• Secured against unauthorized access
• Monitored for suspicious or unauthorized use
VoIP technologies should not become a backdoor for attackers or a channel for CUI exposure.
Why It Matters
VoIP systems can expose your organization to:
• Eavesdropping and interception
• Call hijacking or spoofing
• Network vulnerabilities if improperly segmented or secured
VoIP calls can transmit CUI verbally or through shared content (e.g., screen shares, chats).
How to Implement It
• Restrict VoIP access to authorized users and devices
• Encrypt VoIP traffic using TLS and SRTP (Secure Real-time Transport Protocol)
• Separate VoIP systems from sensitive data networks (via VLANs or firewalls)
• Monitor VoIP usage logs and configure alerts for:
◦ Unusual call volumes
◦ Unauthorized connections
• Train users to recognize phishing or social engineering via VoIP
Common Mistakes
• Using unsecured or outdated VoIP apps
• Running VoIP traffic on the same network as CUI without segmentation
• Not logging VoIP activity or failed call attempts
How Cuick Trac Helps
Cuick Trac helps protect VoIP usage by:
• Supporting guidance for secure VoIP configurations and network segmentation
• Helping enforce access controls for devices and applications with VoIP features
• Offering templates and policies for VoIP security aligned with NIST 800-171
• Reducing VoIP risk by consolidating communication inside secure, access-controlled systems
With Cuick Trac, even your voice traffic gets the protection it deserves.
Final CTA
If CUI can be spoken, it can be stolen—secure your VoIP.
Book a Cuick Trac demo and lock down your voice, video, and collaboration tools.