STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

Access control measures must be implemented for all conferences hosted on a centralized MCU appliance.

DISA Rule

SV-18894r2_rule

Vulnerability Number

V-17720

Group Title

RTS-VTC 5120

Rule Version

RTS-VTC 5120.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement access control measures to control access to conference scheduling systems such that only authorized individuals can schedule conferences.

Check Contents

Review site documentation to confirm access control measures are implemented to control access to conference scheduling systems such that only authorized individuals can schedule conferences. Verify that only authorized individuals are permitted to schedule conferences. Inspect VTC scheduling system to verify that only users that are identified for accessing and setting up scheduled VTC conferences have access to said scheduling function. If access control measures are not implemented for all conferences hosted on a centralized MCU appliance, this is a finding.

Vulnerability Number

V-17720

Documentable

False

Rule Version

RTS-VTC 5120.00

Severity Override Guidance

Review site documentation to confirm access control measures are implemented to control access to conference scheduling systems such that only authorized individuals can schedule conferences. Verify that only authorized individuals are permitted to schedule conferences. Inspect VTC scheduling system to verify that only users that are identified for accessing and setting up scheduled VTC conferences have access to said scheduling function. If access control measures are not implemented for all conferences hosted on a centralized MCU appliance, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418

Comments