UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A Voice/Video/RTS system or device is NOT installed according to the deployment restrictions and/or mitigations contained in the IA test report, Certifying Authority’s recommendation and/or DSAWG approval documentation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8346 DSN03.05 SV-8841r1_rule DCAS-1 EBCR-1 ECSC-1 Low
Description
Requirement: The IAO will ensure that products or software releases are installed and maintained in accordance with all applicable STIGs AND the installation restrictions and vulnerability mitigations presented in the Security Assessment Report and Certifying Authority’s (CA’s) Recommendation Memo to the DSAWG. Systems listed on the DSN APL have been approved by the DSAWG as having acceptable risk for operation by DoD components. The residual risk is determined by the mitigations for any findings that cannot be closed. These mitigations may be determined or proposed by the vendor, IA test team, Certifying Authority, and/or the DSAWG and may take the form of deployment limitations and/or installation restrictions. The application of the recommended mitigations along with complying with any deployment limitations and/or installation restrictions is paramount to legally operating the system in a secure manner. The required mitigations, limitations, and restrictions should be contained in final test report produced by the VCAO following DSAWG approval. The IAO should maintain a copy of the final system testing report so that the required mitigations, limitations, and restrictions can be applied and compliance can be validated or verified.
STIG Date
Defense Switched Network (DSN) STIG 2017-01-19

Details

Check Text ( C-7649r2_chk )
Or review the required “documents on file” that are necessary for compliance with the requirement.
Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.