UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors.

The NSA has warned that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware. Threat actors could abuse such systems to impersonate users, eavesdrop on conversations, cause disruptions, and conduct fraud.

In an effort to help organizations secure UC and VVoIP systems, the NSA has released a 43-page guide that describes network, perimeter, enterprise session controller, and endpoint security best practices and mitigations.