STIGQter: STIG Summary: Video Services Policy STIG, Version: 1, Release: 11, Benchmark Date: 24 Apr 2020

All VTC system management systems/servers are not configured in compliance with all applicable STIGs

DISA Rule

SV-18881r1_rule

Vulnerability Number

V-17707

Group Title

RTS-VTC 3460.00 [IP]

Rule Version

RTS-VTC 3460.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

[IP]; Perform the following tasks:
- Determine the STIGs that are applicable to the VTC system’s management suites/applications, gateways, and scheduling systems.
- Configure these systems in accordance with the requirements in the applicable STIGs.

Check Contents

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure all VTC system management suites/applications, gateways, and scheduling systems are configured in compliance with all applicable STIGs and are operated on STIG compliant platforms.

Note: The following is a listing of, but possibly not all, applicable STIGs:

- Operating system e.g., Windows, UNIX
- Web Server, Application Services
- Database
- Application Development, Application Security Checklist

Determine the STIGs that are applicable to the site’s VTC system management suites/applications, gateways, and scheduling systems. Inspect documentation regarding the IA review of these systems and applications against the applicable STIGs. This is a finding only if the site’s VTC system management suites/applications, gateways, and scheduling systems have not been reviewed against all applicable STIGs. This is not a finding if all applicable reviews have been performed regardless of the number of findings determined during those reviews. The IA posture of the reviewed system is based on the results of those reviews.

Vulnerability Number

V-17707

Documentable

False

Rule Version

RTS-VTC 3460.00

Severity Override Guidance

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure all VTC system management suites/applications, gateways, and scheduling systems are configured in compliance with all applicable STIGs and are operated on STIG compliant platforms.

Note: The following is a listing of, but possibly not all, applicable STIGs:

- Operating system e.g., Windows, UNIX
- Web Server, Application Services
- Database
- Application Development, Application Security Checklist

Determine the STIGs that are applicable to the site’s VTC system management suites/applications, gateways, and scheduling systems. Inspect documentation regarding the IA review of these systems and applications against the applicable STIGs. This is a finding only if the site’s VTC system management suites/applications, gateways, and scheduling systems have not been reviewed against all applicable STIGs. This is not a finding if all applicable reviews have been performed regardless of the number of findings determined during those reviews. The IA posture of the reviewed system is based on the results of those reviews.

Check Content Reference

I

Potential Impact

Not using DoD STIG guidance to secure VTC system/device management systems/servers could lead to denial of service or the disclosure of sensitive or classified information to individuals that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Officer

Target Key

1418
