UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

inadequate user training for pc presentation sharing that could lead to compromise of other information on the presenting PC


Overview

Finding ID Version Rule ID IA Controls Severity
V-17697 RTS-VTC 2460.00 SV-18871r1_rule DCBP-1 ECSC-1 PRTN-1 Medium
Description
Users must be trained regarding the display of information that is not part of the conference. Such training must be based on the SOP discussed under RTS-VTC 2440.01 that is designed to mitigate the vulnerability.
STIG Date
Video Services Policy STIG 2017-04-06

Details

Check Text ( C-18967r1_chk )
[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

Ensure VTU users receive training in the proper use and operation of PC to CODEC connections and understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure.

Interview a sampling of VTU administrators and users to verify that training has been provided for proper use and operation of PC to CODEC connections and that they understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. This is a finding if deficiencies are found. List these deficiencies in the finding details.
Fix Text (F-17594r1_fix)
[IP][ISDN]; Perform the following tasks:
Train users and administrators in the proper use and operation of PC to CODEC connections and provide an understanding of the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure.