STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019

Unified messaging and email text-to-speech features must be disabled because there is no PKI authentication and no access control to email.

DISA Rule

SV-21495r3_rule

Vulnerability Number

V-19444

Group Title

VVoIP 1755

Rule Version

VVoIP 1755

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In the event an email text-to-speech feature is employed or enabled in a unified messaging system and accessed via the dial-in voicemail access method, ensure PKI-based authentication is used to access the feature, as is required for normal email access control. Otherwise, disable the text-to-speech feature as well as any other dial-up method that does not provide for PKI authentication for accessing email.

Disable the text-to-speech feature of a unified mail service.

Check Contents

Interview the ISSO to validate compliance with the following requirement:

In the event an email text-to-speech feature is employed or enabled in a unified messaging and email system and accessed via the dial-in voicemail access method, ensure DoD PKI authentication is used to access the feature, as is required for normal email access control. Otherwise, disable the text-to-speech feature as well as any other dial-up method that does not provide for PKI authentication for accessing email.

Determine if the site has implemented a unified mail system where voicemail is delivered via the user’s email mailbox. This normally implies that email could be available via normal voicemail access from a standard telephone, with the email read to the user via a text-to-speech conversion feature. Inspect the configuration of the unified messaging and email server to determine if the text-to-speech feature is disabled. Alternatively, have the ISSO or SA demonstrate compliance with the requirement.

If email is accessible via voicemail without PKI authentication, this is a finding.

NOTE: Access to the email service must already be in compliance with DoD email access policy using PKI. Therefore, this requirement does not apply to accessing and listening to voicemail via the email service.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3407

Comments