STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020

CODEC streaming is not disabled when it is not required.

DISA Rule

SV-18869r1_rule

Vulnerability Number

V-17695

Group Title

RTS-VTC 2380.00 [IP]

Rule Version

RTS-VTC 2380.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

[IP]; Perform the following tasks when CODEC streaming is not required to be used:
Configure the CODEC as follows:
- Disable streaming and/or user activation of streaming
- Disable remote start of streaming (if remote start is supported)
OR if the above settings do not exist or do not work properly:
- Clear the streaming destination or multicast address(es)
- Set TTL/router hops to 0, or a maximum of 1 if 0 is not accepted.
- Set the password used to access the CODEC for streaming to a strong password that meets or exceeds minimum DoD password requirements. This password is kept confidential.

Note: If clearing the IP address or IP port does not prevent the CODEC from streaming to a default address or port, set a unicast address that will never be used by any device and set a very high IP port number.

Note: This requirement is applicable whether or not the CODEC is normally connected to an IP-based LAN. If it is not normally connected to an IP-based LAN, these settings mitigate the vulnerability in the event the CODEC is connected to a LAN by unauthorized or clandestine means.

Check Contents

[IP]; Interview the IAO to validate compliance with the following requirement:

Ensure the following streaming configuration settings are implemented as prudent to further minimize the effect of accidental or unwanted streaming activation when streaming is not required to be activated:
- Disable streaming and/or user activation of streaming
- Disable remote start of streaming (if remote start is supported)
OR if the above settings do not exist or do not work properly:
- Clear the streaming destination or multicast address(es)
- Set TTL/router hops to 0, or a maximum of 1 if 0 is not accepted.
- Set the password used to access the CODEC for streaming to a strong password that meets or exceeds minimum DoD password requirements. This password is kept confidential.

Note: If clearing the IP address or IP port does not prevent the CODEC from streaming to a default address or port, set a unicast address that will never be used by any device and set a very high IP port number.

Note: This requirement is applicable whether or not the CODEC is normally connected to an IP-based LAN. If it is not normally connected to an IP-based LAN, these settings mitigate the vulnerability in the event the CODEC is connected to a LAN by unauthorized or clandestine means.

Note: During APL testing, this is a finding in the event the product does not support the ability to disable conference streaming.

Have the IAO or SA demonstrate the streaming configuration on a random sampling of CODECs.
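The Fix Recommendation and the Check Contents above describe the same decision: a CODEC that does not need streaming is compliant if streaming, user activation and remote start are all off, and otherwise only if the fallback mitigations (cleared or unroutable destination, TTL of 0 or 1, strong streaming password) are all in place. The following is an added example, not part of the STIG or of STIGQter, that encodes that logic as a checker an IAO or SA could run over exported CODEC settings when sampling devices. The configuration records, the field names, the 15-character password rule and the 60000 "very high port" floor are all assumptions made for the example; vendors expose these settings under different names.

```python
"""Added example: evaluate CODEC streaming settings against RTS-VTC 2380.00.

All records below are constructed. Field names, the password rule and the
high-port floor are assumptions, not values taken from the STIG text.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional

# Assumed thresholds (the STIG says "minimum DoD password requirements"
# and "a very high IP port" without giving numbers):
MIN_PASSWORD_LEN = 15   # assumption: DoD-style 15 chars, four character classes
HIGH_PORT_FLOOR = 60000  # assumption: what counts as "very high" for the fallback
MAX_TTL = 1              # STIG: 0, or a maximum of 1 if 0 is not accepted


@dataclass
class StreamingConfig:
    codec_id: str
    streaming_required: bool              # mission actually needs streaming
    streaming_enabled: bool               # streaming feature on/off
    user_can_start: bool                  # local user activation allowed
    remote_start_enabled: Optional[bool]  # None when remote start is unsupported
    destination: Optional[str]            # multicast/unicast target, None if cleared
    port: Optional[int]                   # destination port, None if cleared
    ttl: int                              # TTL / router hops on stream packets
    streaming_password: str               # password guarding streaming access


def password_is_strong(pw: str) -> bool:
    """Assumed DoD-style complexity: length plus all four character classes."""
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= MIN_PASSWORD_LEN and all(classes)


def streaming_disabled(cfg: StreamingConfig) -> bool:
    """Preferred fix: feature, user activation and remote start all off.

    remote_start_enabled=None (unsupported) counts as off.
    """
    return (not cfg.streaming_enabled
            and not cfg.user_can_start
            and not cfg.remote_start_enabled)


def evaluate(cfg: StreamingConfig) -> List[str]:
    """Return findings for one CODEC; an empty list means compliant."""
    if cfg.streaming_required:
        return []                 # rule applies only when streaming is not required
    if streaming_disabled(cfg):
        return []                 # preferred path satisfied, fallback not needed

    # Fallback mitigations, used when the disable controls are absent or broken.
    findings: List[str] = []
    if cfg.destination:
        addr = ip_address(cfg.destination)
        if addr.is_multicast:
            findings.append("destination is a multicast group; clear it")
        elif cfg.port is None or cfg.port < HIGH_PORT_FLOOR:
            # Unicast fallback is only acceptable with an address no device will
            # ever use (not checkable here) and a very high port.
            findings.append("unicast fallback destination must use a very high port")
    if cfg.ttl > MAX_TTL:
        findings.append(f"TTL {cfg.ttl} exceeds {MAX_TTL}; set 0, or 1 if 0 is rejected")
    if not password_is_strong(cfg.streaming_password):
        findings.append("streaming access password does not meet minimum complexity")
    return findings


def audit(configs: List[StreamingConfig]) -> Dict[str, List[str]]:
    """Map each sampled CODEC to its findings (a demonstration sweep)."""
    return {cfg.codec_id: evaluate(cfg) for cfg in configs}


# Constructed sample: one open finding, one disabled, one using the fallback.
SAMPLE = [
    StreamingConfig("vtc-01", False, True, True, True, "239.1.1.1", 5000, 16, "admin"),
    StreamingConfig("vtc-02", False, False, False, None, "239.1.1.1", 5000, 16, "admin"),
    StreamingConfig("vtc-03", False, True, False, False, None, None, 0, "Xk9#mQ2$vL7!pR4z"),
]

if __name__ == "__main__":
    for codec, findings in audit(SAMPLE).items():
        print(codec, "compliant" if not findings else findings)
```

Note that vtc-02 passes even though a stale multicast destination and weak password remain: once streaming, user activation and remote start are all off, the STIG's preferred path is satisfied and the fallback settings are not assessed. Clearing them anyway is cheap defence in depth against the "un-authorized or clandestine" LAN connection the second note warns about.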

Vulnerability Number

V-17695

Documentable

False

Rule Version

RTS-VTC 2380.00

Severity Override Guidance


Check Content Reference

I

Potential Impact

The inadvertent or improper disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Officer

Target Key

1418

Comments