Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17681	RTS-VTC 1168.00	SV-18855r1_rule	PRMP-1 PRMP-2 PRNK-1	Medium

Description
Administrators or “operators/facilitators” that perform monitoring as discussed in this section must have an appropriate security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

STIG	Date
Video Services Policy STIG	2014-06-26

Details

Check Text ( C-18951r1_chk )
[IP][ISDN]; Interview the Administrator to validate compliance with the following requirement: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed. Verify with IAO that conference call operator/facilitator has security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Check Text ( C-18951r1_chk )

[IP][ISDN]; Interview the Administrator to validate compliance with the following requirement:

Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed.

Verify with IAO that conference call operator/facilitator has security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Fix Text (F-17578r1_fix)
[IP][ISDN]; Perform the following tasks: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed.