STIGQter: STIG Summary: Video Services Policy STIG, Version: 1, Release: 11, Benchmark Date: 24 Apr 2020

Auto-answer feature is not administratively disabled.

DISA Rule

SV-18722r1_rule

Vulnerability Number

V-17595

Group Title

RTS-VTC 1040.00 [IP][ISDN]

Rule Version

RTS-VTC 1040.00

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

[IP][ISDN]; Perform the following tasks:
Administratively disable the auto-answer function on the VTU unless required to fulfill validated and approved mission requirements.

If auto-answer is required to fulfill validated and approved mission requirements, obtain written approval for the use of this function from DAA or IAM and maintain documentation on the validated requirement and approval.
Train users in the proper use of auto-answer and the vulnerabilities associated with its use.

Check Contents

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

If a VTC endpoint auto-answer feature is available, ensure it is administratively disabled, thus ensuring the feature is not selectable by the user, unless required to satisfy validated, approved, and documented mission requirements.
Note: The documented and validated mission requirements along with their approval(s) are maintained by the IAO for inspection by auditors. Such approval will be obtained from the DAA or IAM responsible for the VTU(s) or system.
Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU.

Verify that, if the auto-answer feature is available on the VTU endpoint, it is administratively disabled. If auto-answer is a mission requirement, verify that the IAO has evidence/documentation that the responsible DAA or IAM has given written approval for its use.

Documentable

False

Severity Override Guidance

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

If a VTC endpoint auto-answer feature is available, ensure it is administratively disabled, thus ensuring the feature is not selectable by the user, unless required to satisfy validated, approved, and documented mission requirements.
Note: The documented and validated mission requirements along with their approval(s) are maintained by the IAO for inspection by auditors. Such approval will be obtained from the DAA or IAM responsible for the VTU(s) or system.
Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU.

Verify that, if the auto-answer feature is available on the VTU endpoint, it is administratively disabled. If auto-answer is a mission requirement, verify that the IAO has evidence/documentation that the responsible DAA or IAM has given written approval for its use.

Check Content Reference

I

Potential Impact

The inadvertent disclosure of sensitive or classified information to a caller of a VTU who may not have an appropriate need-to-know or proper security clearance.

Responsibility

Other

Target Key

1418

Comments