inadequate user training for pc presentation sharing that could lead to compromise of other information on the presenting PC
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17697 | RTS-VTC 2460.00 | SV-18871r1_rule | DCBP-1 ECSC-1 PRTN-1 | Medium |
| Description |
|---|
| Users must be trained regarding the display of information that is not part of the conference. Such training must be based on the SOP discussed under RTS-VTC 2440.01 that is designed to mitigate the vulnerability. |
| STIG | Date |
|---|---|
| Video Services Policy STIG | 2020-02-25 |
Details
| Check Text ( C-18967r1_chk ) |
|---|
| [IP][ISDN]; Interview the IAO to validate compliance with the following requirement: Ensure VTU users receive training in the proper use and operation of PC to CODEC connections and understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. Interview a sampling of VTU administrators and users to verify that training has been provided for proper use and operation of PC to CODEC connections and that they understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. This is a finding if deficiencies are found. List these deficiencies in the finding details. |
| Fix Text (F-17594r1_fix) |
|---|
| [IP][ISDN]; Perform the following tasks: Train users and administrators in the proper use and operation of PC to CODEC connections and provide an understanding of the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. |