Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
User Guides and documentation packages must be developed and distributed to users operating VTC endpoints.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17712 | RTS-VTC 3740.00 | SV-18886r2_rule | PRTN-1 | Medium |
| Description |
|---|
| User documentation packages should include user agreements, training documentation, and endpoint user guides that reiterate the training information and the agreed upon User Agreement policies. The Endpoint User Guides should also provide additional information to include system or device operations, usage procedures for features, and IA measures as required to address the protection of both meeting related and non-meeting related information |
| STIG | Date |
|---|---|
| Video Services Policy STIG | 2015-12-29 |
Details
| Check Text ( C-18982r2_chk ) |
|---|
| Review site documentation to confirm user guides and documentation packages are developed and distributed to users operating VTC endpoints, to include conference room systems, that provides the following information: - Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one. - Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2. - Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information If user guides and documentation packages are not developed and distributed to users operating VTC endpoints, this is a finding. |
| Fix Text (F-17609r3_fix) |
|---|
| Implement a policy or procedure for User Guides and documentation packages to be developed and distributed to users operating VTC endpoints, to include conference room systems that provide the following information: - Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one. - Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2. - Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information. |