5 FAM 590
Video teleconferencing on Department of State Enterprise
Networks
(CT:IM-265; 04-16-2019)
(Office of Origin: IRM/FO/ITI/SI/DTS)
5 FAM 591 PURPOSE AND SCOPE
(CT:IM-166; 09-11-2015)
a. This subchapter establishes policy for video
teleconferencing (VTC) equipment on Department of State enterprise networks
(i.e., OpenNet and ClassNet).
b. Clearance authority for procurement of VTC equipment
is in 14 FAM
221.3.
c. For VTC security requirements, see 12 FAH-10
H-112.23, for use of unclassified VTCs and 12 FAH-10 H-414
for use of classified VTCs.
5 FAM 592 AUTHORITIES
(CT:IM-166; 09-11-2015)
The authorities for this policy are found in:
(1) Executive Order 13589, Promoting Efficient Spending;
and
(2) Telework Enhancement Act of 2010, Public Law
111-292.
5 FAM 593 DEFINITIONS
(CT:IM-166; 09-11-2015)
Commercial off-the-shelf (COTS):
VTC equipment that is designed and produced by the manufacturer with general
commercial applications in mind.
Endpoint: Video conferencing
specific equipment used to connect to an enterprise network for the purpose of
participating in a video conference.
Integrated Services Digital Network
(ISDN): A set of communication standards for simultaneous digital transmission
of voice, video, data, and other network services over the traditional circuits
of the public switched-digital network.
OpenNet Video and Data Collaboration
(ONVDC): The Bureau of Information Resource Management's (IRM) program
for using OpenNet for collaborative video conferencing. ONVDC is managed by
IRMs Video Program Office (VPO).
Secure Video and Data Collaboration
(SVDC): IRMs program for using ClassNet for Secret high collaborative
video conferencing. SVDC is managed by IRMs VPO.
TEMPEST equipment (or TEMPEST-approved
equipment): Equipment that has been designed or modified to suppress
compromising signals. Such equipment is evaluated against National TEMPEST
Standards by NSA-certified personnel and laboratories. See 12 FAM 090.
Video Program Office (VPO):
IRMs program office for the central management and administration of video
conferencing over the Departments OpenNet and ClassNet.
Video TeleConference (VTC):
General term used interchangeably with, and as an abbreviated form of,
"video-conference" i.e., VTC equipment, VTC session.
5 FAM 594 Video Teleconferencing
5 FAM 594.1 OpenNet Video and Data
Collaboration (ONVDC)
(CT:IM-265; 04-16-2019)
a. This section applies to all VTC endpoint equipment
physically connected to OpenNet.
b. VTC equipment owners must ensure that VTC equipment
connected to OpenNet is not simultaneously (physically) connected to another
network, i.e., ISDN or Internet.
c. VTC equipment owners must adhere to the security
requirements in 12 FAH-10
H-112.23, Unclassified Video Teleconferencing Policy, and the VPO
registration policy for ONVDC listed in 5 FAM 595.1.
d. New VTC equipment purchases must be purchased
through an existing VPO procurement contract. If no VPO procurement contract
exists, then defer to the Office of Acquisitions Management (A/OPE/AQM).
e. VTC equipment owners must procure and renew annual
vendor maintenance packages for upgrade, replacement, and repair until such
time that the VTC equipment model is no longer supported by the manufacturer.
f. VTC equipment owners must fund and replace
equipment no longer supported by the manufacturer, and/or removed from the IT
CCB baseline, with current technology within 180 days from the equipment final
end-of-service date.
g. Failure to adhere to this policy will result in
revocation of VTC equipment registration, and notification sent to Program
Applications Division (DS/IS/APD).
5 FAM 594.2 Secure Video and Data
Collaboration (SVDC)
(CT:IM-265; 04-16-2019)
a. This section applies to all VTC endpoint equipment
physically connected to ClassNet.
b. VTC equipment owners must adhere to the security
requirements in 12 FAH-10 H-414,
Secure Video Teleconferencing (SVTC), and the VPO registration policy for SVDC
listed in 5 FAM
595.2.
c. VTC equipment connected to ClassNet may not be
simultaneously (physically) connected to another network, i.e., SIPRNet or
ISDN.
d. VTC equipment must be located in rooms that that
have been surveyed and granted specific DS SVDC Approval as directed by 12 FAH-10 H-414.
The DS SVDC approval must be granted prior to the SVDC registration process.
Approving offices are DS/IS/APD (domestically) and DS/CMP/ECB (overseas).
e. New VTC equipment purchases must be procured through
an existing VPO contract for video conferencing equipment. If no VPO contract
exists, then defer to the Office of Acquisitions Management (A/OPE/AQM).
f. The Video Program Office (VPO) will be the sole
point of contact for VTC equipment updates, repairs, and upgrades. The VPO is
responsible for integrity testing and the distribution of VTC equipment
software and firmware updates.
g. COTS VTC equipment owners must procure, fund, and
annually renew maintenance packages with VPO approval for their VTC equipment,
until such time the equipment model is no longer supported by the
manufacturer. VTC equipment owners can only install VPO approved and
distributed software and firmware updates. In addition, VTC equipment owners
must notify and receive VPO approval before upgrading, repairing or replacing
VTC equipment.
h. COTS equipment owners must fund and replace
equipment no longer supported by the manufacturer, and/or removed from the IT
CCB baseline, with current technology within 180 days from its end-of-service
date.
i. TEMPEST equipment owners must fund and replace
equipment that has been decertified and removed from the AEL or when the
equipment is no longer supported by the manufacturer, with current technology
and within 180 days from its end-of-service date.
j. Failure to adhere to this policy will result in
revocation of VTC equipment registration and notification sent to DS/IS/APD.
5
FAM 595 video
Program office (vpo) Registration Policy
(CT:IM-166; 09-11-2015)
NOTE: All VTC endpoints on
Department of State enterprise networks must be registered through the VPO
before they can participate in VTC sessions.
5 FAM 595.1 ONDVC Registration
(CT:IM-166; 09-11-2015)
a. All VTC endpoints to be located in a CAA abroad must
obtain written Countermeasures Program Division (DS/ST/CMP)and post
counterintelligence working group (CIWG) authorization, per the requirements of
12 FAH-10
H-112.23, before registering for ONVDC use with the VPO.
b. All VTC endpoints, regardless of location, must
register their unclassified device in accordance with 12 FAH-10
H-112.23 before the VPO will continue the ONVDC registration process.
c. Once DS requirements have been met, the ONVDC
equipment owner must open a service request through the IT Service Center to
request a new ONVDC site registration with the VPO.
d. The VPO will contact the requestor to verify that
current equipment maintenance contracts are in place and appropriate DS
requirements have been met to continue the ONVDC registration process in
accordance with current VPO guidelines and standard operating procedures. Once
completed, the VPO will place the device in a database for annual
re-registration.
e. The ONVDC registration database will be managed by
the VPO and viewable online at the Service Maintenance Status site. Device
owners will be responsible to ensure point-of-contact (POC) information is
current.
f. The VPO will review the database continuously
throughout the calendar year. Annual renewal of the VTC device will occur if the
device has current authorization and annual maintenance contracts. If
authorization or maintenance contracts are not current the VPO will:
(1) Issue a 90-day notice to the equipment owner to
obtain authorization and/or purchase maintenance contract; and
(2) Place the device on a list for a 90-day review.
g. Failure to comply within the 90 day period will
result in revocation of the device registration for operational use.
5 FAM 595.2 SVDC Registration
(CT:IM-166; 09-11-2015)
a. Per 12 FAH-10 H-414,
all SVDC endpoints must obtain written authorization from DS/ST/CMP and the
CIWG (abroad), or DS/IS/APD and the Facilities Security Division (DS/PSP/FSD)
(domestically) before registering with the VPO for operational SVDC use.
b. Once authorization has been granted, the SVDC
equipment owner must open a service request through the IT Services Center to
request a new SVDC site registration with the VPO. The VPO will contact the
requestor to verify that DS SVDC authorization and equipment maintenance
contracts are in place and continue the registration process in accordance with
current VPO guidelines and standard operating procedures. Once registered, the
VPO will place the device in a database for annual re-registration.
c. The SVDC registration database will be managed by
the VPO. Device owners will be responsible to ensure point-of-contact (POC)
information is current.
d. The VPO will review the database continuously
throughout the calendar year. Annual renewal of the SVDC equipment will occur
if the device has current authorization and annual maintenance contracts. If
authorization or maintenance contracts are not current, the VPO will:
(1) Issue a 90-day notice to the equipment owner to
obtain authorization and/or purchase maintenance contract; and
(2) Place the device on a list for a 90-day review.
e. Failure to comply within the 90 day period will
result in revocation of the device registration for operational use.
5 FAM 596 REQUESTING VIDEO CONFERENCING
SERVICES
(CT:IM-166; 09-11-2015)
a. Users requesting video conferencing services such as
conference requests, new site registrations, equipment troubleshooting, and
other routine services should contact the IT Service Center, ITServiceCenter@State.Gov
at (202) 647-2000.
b. Users experiencing issues that require urgent
attention by VPO technicians may contact the VPO staff during its regular
business hours, 11:00 PM Sunday 11:00 PM Friday (EST), at (202) 663-3284 or
email to Video_Program_Office@state.gov.
5 FAM 597 through 599 UNASSIGNED