STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-8785r1_rule
V-8290
Deficient doc’n: Inventory of authorized endpoints
VVoIP 1505 (GENERAL)
CAT II
10
Ensure that an inventory of authorized instruments is documented and maintained.
NOTE: This inventory will be separate from the inventory created within the Local Session Controller (LSC) from the listing of registered instruments. Authorized instruments must be added to this inventory before configuration in the LSC and instrument registration. The inventory may be offline or online on a separate server or workstation from the LSC (for example, the LSC management workstation).
Prepare and maintain an inventory / database of authorized VoIP instruments. Generate and store the inventory on a separate workstation or server from the LSC (for example, the LSC management workstation).
Recommendation: Create the inventory in a format that can easily be compared through automation to the report of registered instruments from the LSC (if available). This will facilitate regular review of the inventory to detect unauthorized instruments and will make the IA review easier.
Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure that an inventory of authorized instruments is documented and maintained.
Inspect the authorized instrument inventory.
NOTE: This inventory will be separate from the inventory created within the Local Session Controller (LSC) from the listing of registered instruments. Authorized instruments must be added to this inventory before configuration in the LSC and instrument registration. The inventory may be offline or online on a separate server or workstation from the LSC (for example, the LSC management workstation).
This is a finding if the inventory does not exist, does not appear to be up to date.
Ask how this inventory is generated and where it is stored. This is a finding in the event it is located on the LSC.
V-8290
False
VVoIP 1505 (GENERAL)
Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure that an inventory of authorized instruments is documented and maintained.
Inspect the authorized instrument inventory.
NOTE: This inventory will be separate from the inventory created within the Local Session Controller (LSC) from the listing of registered instruments. Authorized instruments must be added to this inventory before configuration in the LSC and instrument registration. The inventory may be offline or online on a separate server or workstation from the LSC (for example, the LSC management workstation).
This is a finding if the inventory does not exist, does not appear to be up to date.
Ask how this inventory is generated and where it is stored. This is a finding in the event it is located on the LSC.
I
Unauthorized use or abuse of the system
Information Assurance Officer
594