STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

User training must deny the use of personally provided Unified Capability (UC) soft client accessories.

DISA Rule

SV-17074r2_rule

Vulnerability Number

V-16086

Group Title

UC soft client accessory training

Rule Version

VVoIP 1315 (GENERAL)

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure personnel are trained not to employ personally provided UC soft client accessories, including PPGs, ATAs, USB phones, or wireless headsets. This policy is to be acknowledged in user agreements and included in user training and user guides.

Provide the appropriate user training such that they do not employ personally provided UC soft client accessories and require they sign user agreements that acknowledge the training and policy.

Check Contents

Interview the ISSO to validate compliance with the following requirement:

Ensure personnel are trained not to employ personally provided UC soft client accessories, including PPGs, ATAs, USB phones, or wireless headsets. This policy is to be acknowledged in user agreements and included in user training and user guides.

Determine if training is provided to users about not employing personally provided UC soft client accessories. Inspect user agreements for acknowledgement of this training. Interview a random sampling of users regarding their awareness of this subject.

This is a finding if the training, training materials, or user awareness of the policy are deficient or if the policy is not addressed and acknowledged in signed user agreements.

Vulnerability Number

V-16086

Documentable

False

Rule Version

VVoIP 1315 (GENERAL)

Severity Override Guidance

Interview the ISSO to validate compliance with the following requirement:

Ensure personnel are trained not to employ personally provided UC soft client accessories, including PPGs, ATAs, USB phones, or wireless headsets. This policy is to be acknowledged in user agreements and included in user training and user guides.

Determine if training is provided to users about not employing personally provided UC soft client accessories. Inspect user agreements for acknowledgement of this training. Interview a random sampling of users regarding their awareness of this subject.

This is a finding if the training, training materials, or user awareness of the policy are deficient or if the policy is not addressed and acknowledged in signed user agreements.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

594

Comments