Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the initiator of the call.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259999 | SRG-NET-000077-VVSM-00101 | SV-259999r948958_rule | Medium |
| Description |
|---|
| Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are generated from several components within the Voice Video system (e.g., session manager, session border control, gateway, gatekeeper, or endpoints). Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. |
| STIG | Date |
|---|---|
| Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide | 2024-03-11 |
Details
| Check Text ( C-63730r948956_chk ) |
|---|
| Verify the Enterprise Voice, Video, and Messaging Session Manager produces session records containing the identity of the initiator of the call. The identity of the initiator of the call in this context would be the device ID or the address of the MAC or IP. For Enterprise Voice, Video, and Messaging Session Managers that have the concept of a user rather than device, this requirement is not applicable. If the Enterprise Voice, Video, and Messaging Session Manager does not produce session records containing the identity of the initiator of the call, this is a finding. |
| Fix Text (F-63637r948957_fix) |
|---|
| Configure the Enterprise Voice, Video, and Messaging Session Manager to produce session records containing the identity of the initiator of the call. |