Microsoft Skype for Business 2016 STIG

Version	Date	Finding Count (3)			Downloads
1	2016-12-21 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02 2016-11-02	CAT I (High): 0	CAT II (Med): 3	CAT III (Low): 0	Excel	JSON	XML

STIG Description
The Microsoft Skype for Business 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Finding ID	Severity	Title	Description
V-70905	Medium	In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP.	Skype for Business 2016 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. The Lync...
V-70901	Medium	The ability of Lync to store user passwords must be disabled.	Skype for Business 2016 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These...
V-70903	Medium	Session Initiation Protocol (SIP) security mode must be configured.	Skype for Business 2016 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat, using the...