STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

A PC communications application is operated with administrative or root level privileges.

DISA Rule

SV-17102r1_rule

Vulnerability Number

V-16114

Group Title

Deficient Config: PC Comm App Operating Privilege

Rule Version

VVoIP 1715 (GENERAL)

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges.

Configure the application and/or platform to not operate with administrative privileges or un-install it. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.

Check Contents

Interview the IAO to validate compliance with the following requirement:
Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges.

Determine if the installed PC voice, video, UC, or collaboration communications application(s) requires and/or is configured to operate with administrative privileges. Inspect a random sampling of PC voice, video, UC, or collaboration communications applications to determine if they are configured to operate with administrative privileges. This is a finding if a PC voice, video, UC, or collaboration communications application requires with administrative privileges to operate or if the application or platform is configured such that the application runs with administrative privileges. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.

Vulnerability Number

V-16114

Documentable

False

Rule Version

VVoIP 1715 (GENERAL)

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:
Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges.

Determine if the installed PC voice, video, UC, or collaboration communications application(s) requires and/or is configured to operate with administrative privileges. Inspect a random sampling of PC voice, video, UC, or collaboration communications applications to determine if they are configured to operate with administrative privileges. This is a finding if a PC voice, video, UC, or collaboration communications application requires with administrative privileges to operate or if the application or platform is configured such that the application runs with administrative privileges. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.

Check Content Reference

I

Potential Impact

Compromise of the supporting PC, attached network, and/or network resources.

Responsibility

Information Assurance Officer

Target Key

594

Comments