The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing what type of connection occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259955	SRG-NET-000074-VVEP-00022	SV-259955r948832_rule		Medium

Description
Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely on session management and border elements. Enterprise Voice, Video, and Messaging Endpoints capable of producing session records provide supplemental confirmation of monitored events. Enterprise Voice, Video, and Messaging Endpoints that communicate beyond these defined environments must generate session records. Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records. Detailed records are typically produced by the session manager but can be augmented by nontelephone endpoint records.

Description

Session records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing session records and instead rely on session management and border elements. Enterprise Voice, Video, and Messaging Endpoints capable of producing session records provide supplemental confirmation of monitored events. Enterprise Voice, Video, and Messaging Endpoints that communicate beyond these defined environments must generate session records. Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records. Detailed records are typically produced by the session manager but can be augmented by nontelephone endpoint records.

STIG	Date
Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide	2024-03-06

Details

Check Text ( C-63686r948830_chk )
Verify the Enterprise Voice, Video, and Messaging Endpoint produces session records containing what type of connection occurred. The record must include the session type (voice/direct, voice/conference, video/direct, video/conference, etc.), the specific protocols used for control and media traffic (SIP/SRTP, H.323, etc.), and the type of endpoint (mobile, telephone, codec, etc.). If the Enterprise Voice, Video, and Messaging Endpoint does not produce session records containing what type of connection occurred, this is a finding.

Check Text ( C-63686r948830_chk )

Verify the Enterprise Voice, Video, and Messaging Endpoint produces session records containing what type of connection occurred. The record must include the session type (voice/direct, voice/conference, video/direct, video/conference, etc.), the specific protocols used for control and media traffic (SIP/SRTP, H.323, etc.), and the type of endpoint (mobile, telephone, codec, etc.).

If the Enterprise Voice, Video, and Messaging Endpoint does not produce session records containing what type of connection occurred, this is a finding.

Fix Text (F-63593r948831_fix)
Configure the Enterprise Voice, Video, and Messaging Endpoint to produce session records containing what type of connection occurred.