UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Inadequate “operator/facilitator/administrator” access control for remote monitoring of a VTU connected to an IP network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17600 RTS-VTC 1162.00 SV-18727r1_rule DCBP-1 ECSC-1 IAIA-1 IAIA-2 Medium
Description
Activation and use of remote monitoring and control features such as those discussed here and in RTS-VTC 1160.00 must be protected by access control. Minimally this must be the administrator password; however, access to this feature should not give full administrator access.
STIG Date
Video Services Policy STIG 2018-09-19

Details

Check Text ( C-18900r1_chk )
[IP]; Interview the IAO to validate compliance with the following requirement:

In the event the VTU is connected to an IP network ensure access to IP remote monitoring and associated control functions of the VTU is minimally protected by a password.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU. i.e., remote monitoring must be able to have a password set in order to access remote monitoring features.

Verify that an administrator password is required to access remotely accessible VTU. Have the IAO or SA demonstrate compliance with the requirement.
Fix Text (F-17518r1_fix)
[IP]; Perform the following tasks:
If IP remote monitoring is activated, configure the VTU to require a password before permitting access to the remote monitoring and associated control functions.