The Enterprise Voice, Video, and Messaging Endpoint must be configured to disable the Far End Camera Control feature if supported.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259948	SRG-NET-000018-VVEP-00108	SV-259948r948811_rule		Medium

Description
Many VTC endpoints support Far End Camera Control (FECC). This feature uses H.281 protocol, which must be supported by both VTUs. Typically, this is only available during an active VTC session but could be available if the VTU is compromised or if a call is automatically answered. Allowing another conference attendee to take control of the camera can place the confidentiality of nonconference-related information at risk. FECC should be disabled to prevent the control of the near end camera by the far end unless required to satisfy validated mission requirements.

Description

Many VTC endpoints support Far End Camera Control (FECC). This feature uses H.281 protocol, which must be supported by both VTUs. Typically, this is only available during an active VTC session but could be available if the VTU is compromised or if a call is automatically answered. Allowing another conference attendee to take control of the camera can place the confidentiality of nonconference-related information at risk. FECC should be disabled to prevent the control of the near end camera by the far end unless required to satisfy validated mission requirements.

STIG	Date
Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide	2024-03-06

Details

Check Text ( C-63679r946811_chk )
Ensure far end camera control is disabled unless required to satisfy validated, approved, and documented mission requirements. Note: The documented and validated mission requirements along with their approval(s) are maintained by the ISSO for inspection by auditors. Such approval is obtained from the AO or ISSM responsible for the VTU(s) or system. Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU. i.e., far end camera control must be able to be disabled or the feature must not be supported. Determine if remote monitoring is required and approved to meet mission requirements. Have the ISSO or SA demonstrate compliance with the requirement.

Check Text ( C-63679r946811_chk )

Ensure far end camera control is disabled unless required to satisfy validated, approved, and documented mission requirements.

Note: The documented and validated mission requirements along with their approval(s) are maintained by the ISSO for inspection by auditors. Such approval is obtained from the AO or ISSM responsible for the VTU(s) or system.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU. i.e., far end camera control must be able to be disabled or the feature must not be supported.

Determine if remote monitoring is required and approved to meet mission requirements. Have the ISSO or SA demonstrate compliance with the requirement.

Fix Text (F-63586r946812_fix)
Perform the following tasks: Configure the CODEC to disable far end camera control. OR Document and validate the mission requirements that require far end camera control to be enabled and obtain AO approval. Maintain the requirement and approval documentation for review by auditors.