STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

Deficient training for the secure operation of PC desktop, presentation, or application sharing capabilities of a collaboration tool.

DISA Rule

SV-17069r1_rule

Vulnerability Number

V-16081

Group Title

Deficient User Trng: PC Collab App Shar’g Security

Rule Version

VVoIP 1310 (GENERAL)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure users of PC based collaboration applications are trained to only share control of their PC or applications with other users that they are familiar with and/or can identify as trustworthy.

Produce training materials and provide training such that users of PC based collaboration applications only share control of their PC or applications with other users with whom they are familiar and/or can identify as trustworthy.

Check Contents

Interview the IAO to validate compliance with the following requirement:

Ensure users of PC based collaboration applications are trained to only share control of their PC or applications with other users that they are familiar with and/or can identify as trustworthy.

Determine if training is provided such that users of PC based collaboration applications only share control of their PC or applications with other users with whom they are familiar and/or can identify as trustworthy. Inspect training materials for related content. Interview a random sampling of users to determine if they are properly trained on this topic.

This is a finding if the training or training materials are deficient.

Documentable

False

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:

Ensure users of PC based collaboration applications are trained to only share control of their PC or applications with other users that they are familiar with and/or can identify as trustworthy.

Determine if training is provided such that users of PC based collaboration applications only share control of their PC or applications with other users with whom they are familiar and/or can identify as trustworthy. Inspect training materials for related content. Interview a random sampling of users to determine if they are properly trained on this topic.

This is a finding if the training or training materials are deficient.

Check Content Reference

I

Potential Impact

The inadvertent or improper disclosure of sensitive or classified information.

Responsibility

Information Assurance Manager

Target Key

594
