The Enterprise Voice, Video, and Messaging Session Manager must be configured to enforce changes to privileges of Voice Video Endpoint device access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-260022	SRG-NET-000322-VVSM-00101	SV-260022r949027_rule		Medium

Description
Without the enforcement of immediate change to privilege levels, users and devices may not provide the correct level of service. Privileges include access to outside connections, precedence, and preemption capabilities. A user with higher precedence and preemption capability may supplant users authorized higher levels of access. Endpoints must be limited to the privileges needed to conduct business and changes to privileges must be enforced immediately. Access authorizations should be dynamic to reflect changing conditions; if a revocation is not enforced in a timely manner, users may have inappropriate access. Revocation of access rules may differ based on the types of access revoked. For example, if a subject (i.e., user or process) is removed from a group, access may not be revoked until the next time the object (e.g., file) is opened or until the next time the subject attempts a new access to the object. Revocation based on changes to security labels may take effect immediately. It may be necessary to immediately revoke access in certain circumstances (i.e., a compromised account is being used). This may be mitigated by implementing SRG-NET-000321-VVSM-00007.

Description

Without the enforcement of immediate change to privilege levels, users and devices may not provide the correct level of service. Privileges include access to outside connections, precedence, and preemption capabilities. A user with higher precedence and preemption capability may supplant users authorized higher levels of access. Endpoints must be limited to the privileges needed to conduct business and changes to privileges must be enforced immediately. Access authorizations should be dynamic to reflect changing conditions; if a revocation is not enforced in a timely manner, users may have inappropriate access. Revocation of access rules may differ based on the types of access revoked. For example, if a subject (i.e., user or process) is removed from a group, access may not be revoked until the next time the object (e.g., file) is opened or until the next time the subject attempts a new access to the object. Revocation based on changes to security labels may take effect immediately. It may be necessary to immediately revoke access in certain circumstances (i.e., a compromised account is being used). This may be mitigated by implementing SRG-NET-000321-VVSM-00007.

STIG	Date
Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide	2024-03-11

Details

Check Text ( C-63753r949025_chk )
Verify the Enterprise Voice, Video, and Messaging Session Manager enforces change to privileges of Voice Video Endpoint device access. Privileges include access to outside connections, precedence, and preemption capabilities. If the Enterprise Voice, Video, and Messaging Session Manager does not enforce changes to privileges of Voice Video Endpoint device access, this is a finding.

Fix Text (F-63660r949026_fix)
Configure the Enterprise Voice, Video, and Messaging Session Manager to enforce changes to privileges of Voice Video Endpoint device access.