STIGQter STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

A VTC management system or endpoint must have risk approval and acceptance in writing by the responsible Authorizing Official (AO).

DISA Rule

SV-18883r3_rule

Vulnerability Number

V-17709

Group Title

RTS-VTC 3640

Rule Version

RTS-VTC 3640.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement site documentation containing the VTC management system and endpoint risk approval and acceptance in writing by the responsible AO.

Check Contents

Review site documentation to confirm the VTC management system and endpoint have risk approval and acceptance in writing by the responsible AO. Inspect documentation to ensure that if VTC and VTU endpoints are in use, they have been approved by the responsible AO in writing. This documentation should reference the risk assessment performed with the AO’s acknowledgement of a full understanding of any risk, vulnerabilities, and mitigations surrounding the VTC implementation. If the VTC management system and endpoint do not have risk approval and acceptance in writing by the responsible AO, this is a finding.

Vulnerability Number

V-17709

Documentable

False

Rule Version

RTS-VTC 3640.00

Severity Override Guidance

Review site documentation to confirm the VTC management system and endpoint have risk approval and acceptance in writing by the responsible AO. Inspect documentation to ensure that if VTC and VTU endpoints are in use, they have been approved by the responsible AO in writing. This documentation should reference the risk assessment performed with the AO’s acknowledgement of a full understanding of any risk, vulnerabilities, and mitigations surrounding the VTC implementation. If the VTC management system and endpoint do not have risk approval and acceptance in writing by the responsible AO, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418

Comments