STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

VTC system and endpoint users must sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint.

DISA Rule

SV-18885r2_rule

Vulnerability Number

V-17711

Group Title

RTS-VTC 3720

Rule Version

RTS-VTC 3720.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a policy and procedure providing VTC system and endpoint users must sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint. Maintain copies of the signed user agreements and provide a copy to the user for their reference.

Check Contents

Review site documentation to confirm a policy and procedure requires the VTC system and endpoint users must sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint. Inspect the user agreement to confirm it contains the following at minimum:
- Acknowledgement of their awareness of the vulnerabilities and risks associated with the use of the specific VTC system or devices the user is receiving, will receive, or use.
- Acknowledgement of their awareness of the methods contained in the SOP and training materials intended to mitigate the vulnerabilities and risks
- Agreement to operate the system in a secure manner and employ the methods contained in the SOP and training materials intended to mitigate the vulnerabilities and risks
- Acknowledgement of the penalties for non-compliance with the rules of operation if stated in the agreement.
- Acknowledgement of their awareness of the capability (or lack thereof) of the system to provide assured service for C2 communications

If a policy and procedure requiring the VTC system and endpoint users to sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint does not exist, this is a finding. If the user agreement does not, at minimum, contain the above, this is a finding.

Vulnerability Number

V-17711

Documentable

False

Rule Version

RTS-VTC 3720.00

Severity Override Guidance

Review site documentation to confirm a policy and procedure requires the VTC system and endpoint users must sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint. Inspect the user agreement to confirm it contains the following at minimum:
- Acknowledgement of their awareness of the vulnerabilities and risks associated with the use of the specific VTC system or devices the user is receiving, will receive, or use.
- Acknowledgement of their awareness of the methods contained in the SOP and training materials intended to mitigate the vulnerabilities and risks
- Agreement to operate the system in a secure manner and employ the methods contained in the SOP and training materials intended to mitigate the vulnerabilities and risks
- Acknowledgement of the penalties for non-compliance with the rules of operation if stated in the agreement.
- Acknowledgement of their awareness of the capability (or lack thereof) of the system to provide assured service for C2 communications

If a policy and procedure requiring the VTC system and endpoint users to sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint does not exist, this is a finding. If the user agreement does not, at minimum, contain the above, this is a finding.

Check Content Reference

M

Responsibility

Other

Target Key

1418

Comments