STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019

User training must include Unified Capability (UC) soft client accessory network bridging risks.

DISA Rule

SV-17076r2_rule

Vulnerability Number

V-16088

Group Title

UC soft client bridging training

Rule Version

VVoIP 1320 (GENERAL)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In the event a UC soft client accessory providing a network bridging capability is approved for use to fulfill a validated and approved mission requirement, the ISSO will ensure personnel are properly trained in their implementation and proper use. This training is to be acknowledged in user agreements and included in user guides.

Provide the appropriate user training and training materials such that users operate their UC soft client accessories that provide a network bridging capability, including PPGs, ATAs, USB phones, and wireless headsets, in an approved manner, and require that they sign user agreements that acknowledge the training and policy.

Check Contents

Interview the ISSO to validate compliance with the following requirement:

In the event a UC soft client accessory providing a network bridging capability is approved for use to fulfill a validated and approved mission requirement, the ISSO will ensure personnel are properly trained in their implementation and proper use. This training is to be acknowledged in user agreements and included in user guides.

Determine if UC soft client accessories, including PPGs, ATAs, USB phones, or wireless headsets, that provide a network bridging capability to a different network (e.g., the PSTN or DSN) are used on a DoD PC or network. If so, further determine if there is a validated and approved mission requirement for their use. Inspect training materials on this subject. Interview a random sampling of users regarding their knowledge of the proper usage of this bridging capability. Inspect user agreements for acknowledgement of this training.

This is a finding if the training, training materials, or user awareness of the proper use policy are deficient or if the policy is not addressed and acknowledged in signed user agreements.

Documentable

False

Severity Override Guidance

Interview the ISSO to validate compliance with the following requirement:

In the event a UC soft client accessory providing a network bridging capability is approved for use to fulfill a validated and approved mission requirement, the ISSO will ensure personnel are properly trained in their implementation and proper use. This training is to be acknowledged in user agreements and included in user guides.

Determine if UC soft client accessories, including PPGs, ATAs, USB phones, or wireless headsets, that provide a network bridging capability to a different network (e.g., the PSTN or DSN) are used on a DoD PC or network. If so, further determine if there is a validated and approved mission requirement for their use. Inspect training materials on this subject. Interview a random sampling of users regarding their knowledge of the proper usage of this bridging capability. Inspect user agreements for acknowledgement of this training.

This is a finding if the training, training materials, or user awareness of the proper use policy are deficient or if the policy is not addressed and acknowledged in signed user agreements.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

594