Vuln ID | Severity | Rule Title | Discussion |
V-16074 | High | Deficient Policy or SOP for VTC and PC camera operations regarding their ability to pick up and transmit sensitive or classified information in visual form. | Users of conference room or office based VTC systems and PC based communications applications that employ a camera must not inadvertently display information of a sensitive or classified nature... |
V-43027 | High | An enclave supporting an IP-based VTC system that must communicate across an IP WAN must implement a VTC/VVoIP-aware firewall or H.460-based firewall traversal solution at its boundary with the WAN. | To support a VTC session through a standard non H.323 aware firewall, the administrator must open a wide range (from 16000 to 65000) of UDP ports. If the VTU only connects with one other endpoint... |
V-17687 | High | Default passwords are not changed. | DoDI 8500.2 IA controls IAIA-1 and IAIA-2 state, in part: “Ensure all factory set, default, standard or well-known user-IDs and passwords are removed or changed.” Factory default, well-known,... |
V-43016 | High | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network. | Connecting to networks of different classifications simultaneously incurs the risk of data from a higher classification being released to a network of a lower classification, referred to as a... |
V-43017 | High | IP-based VTC systems must not connect to ISDN lines when connected to a classified network. | Most CODECs have a built-in IMUX such that multiple ISDN lines can terminate directly on the CODEC. ISDN lines used for VTC transport are provided by a traditional telephone switch on an... |
V-16078 | Medium | Deficient SOP or enforcement regarding presentation and application sharing via a PC or VTC. | Visual collaboration often requires the sharing or display of presentations, open documents, and white board information to one or more communicating endpoints. While the technology for doing this... |
V-17596 | Medium | Deficient SOP for, enforcement, usage, or configuration of the auto-answer feature. | In the event the auto-answer feature is approved for use or cannot be administratively disabled and thus is available for users to activate, several mitigating requirements must be met. The first... |
V-17711 | Medium | VTC system user agreements are not signed or used when a user receives an endpoint or approval to use an endpoint. | DoDI 8500.2 IA control PRRB-1 regarding “Security Rules of Behavior or Acceptable Use Policy” states “A set of rules that describe the IA operations of the DoD information system and clearly... |
V-16076 | Medium | Deficient Policy or SOP regarding VTC, PC, and speakerphone microphone operations regarding their ability to pick up and transmit sensitive or classified information in aural form. | Microphones used with VTC systems and devices are designed to be extremely sensitive such that people speaking anywhere within a conference room are picked up and amplified so they can be heard... |
V-16077 | Medium | Deficient Policy or SOP regarding PC communications video display positioning. | When communicating using a PC based voice, video, UC, or collaboration communications application, the user must protect the information displayed from being viewed by individuals that do not have... |
V-17600 | Medium | Inadequate “operator/facilitator/administrator” access control for remote monitoring of a VTU connected to an IP network. | Activation and use of remote monitoring and control features such as those discussed here and in RTS-VTC 1160.00 must be protected by access control. Minimally this must be the administrator... |
V-17696 | Medium | VTU/CODEC is not properly configured to support streaming. | In the event conference streaming directly from a VTU/CODEC is approved for a given conference, the administrator will need to properly configure the VTU to support the streamed conference. One of... |
V-43015 | Medium | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next. | All residual data (data that is unintentionally left behind on computer media) must be cleared before transitioning from one period/network to the next. Since the equipment is reused,... |
V-17706 | Medium | A DoD logon Electronic Notice (Warning) and Consent Banner is not displayed prior to logon and acknowledged by the user. | DoDI 8500.2 IA control ECWM-1 regarding “Warning Message” requires “users” to be warned that “they are entering a Government information system, and are provided with appropriate privacy and... |
V-17697 | Medium | Inadequate user training for PC presentation sharing that could lead to compromise of other information on the presenting PC. | Users must be trained regarding the display of information that is not part of the conference. Such training must be based on the SOP discussed under RTS-VTC 2440.01 that is designed to mitigate... |
V-17709 | Medium | A VTC management system or endpoint use does not have written approval and acceptance of risk by the responsible DAA. | DoDI 8500.2 IA control DCII-1 regarding “Security Design and Configuration/IA Impact Assessment” states “Changes to the DoD information system are assessed for IA and accreditation impact prior to... |
V-17708 | Medium | Deficient SOP or enforcement regarding the approval and deployment of VTC capabilities. | Due to the various IA issues surrounding VTC endpoint operation, they should only be installed or deployed where there is a validated requirement for their use. Conference room systems are easily... |
V-43041 | Medium | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences must utilize an approved pair of EIA-530 A/B switches operated in tandem or a dual A/B switch to switch the Type 1 encryptor in/out of the circuit between the CODEC and IMUX. | ISDN-based VTC systems supporting secure (classified) and non-secure (unclassified) conferences operate in an unclassified manner while connecting a call. If the call is to be classified or... |
V-43040 | Medium | An ISDN-based or IP-based VTC system supporting conferences on multiple networks having different classification levels must utilize approved automatically controlled signage to indicate the secure/non-secure status or classification level of the conference/session. Such signage will be placed within the conference room and outside each entrance. | VTC system users within the room must be informed when the system is actively engaged in a classified session and the classification level of that session if multiple classification levels are... |
V-17689 | Medium | Passwords do not meet complexity or strength. | DoD policy mandates the use of strong passwords. IA control IAIA-1&2 item 2 states “For systems utilizing a logon ID as the individual identifier, ensure passwords are, at a minimum, a case... |
V-17701 | Medium | Secure protocols are not used for CODEC remote control and management | Many VTC Endpoints are remotely accessed across a LAN via non-secure IP protocols such as telnet, FTP, and HTTP. This poses another confidentiality issue since these protocols do not meet DoD... |
V-17700 | Medium | CODEC control / configuration messages received via the local Application Programmers Interface (API) are not encrypted or authenticated. | The commands passed between the “touch panel” and CODEC are typically in a human readable clear text format. While older touch panels required a physical and direct connection to the EIA-232... |
V-17703 | Medium | SNMP is not being used in accordance with the Network Infrastructure STIG. | Some VTC endpoints can be monitored using SNMP. It is also possible that if not today, in the future, VTC endpoints could be configured via SNMP. SNMP is typically used by vendor’s VTU/MCU... |
V-17702 | Medium | Unnecessary/unused remote control/management/configuration protocols are not disabled. | Management or other protocols, secure or not, that are not required or used for management of, or access to, a device in a given implementation, but are active and available for a connection,... |
V-17705 | Medium | A VTC system/device is not running the latest DoD approved patches/firmware/software from system/device vendor. | Some of today’s VTUs do not appropriately protect their passwords or access codes. Best practice and DoD policy dictates that authenticators are to be protected. This includes user account names,... |
V-17704 | Medium | Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet. | In any network device management system, it is best practice to limit the IP address or addresses from which a network attached device can be accessed and to which device status information can be sent. |
V-17707 | Medium | All VTC system management systems/servers are not configured in compliance with all applicable STIGs | Most VTC system vendors offer a range of centralized VTC system management applications and application suites. These include VTC endpoint and MCU managers, gatekeeper, gateway, and scheduling... |
V-17720 | Medium | Access Control Measures are not implemented for all conferences hosted on a centralized MCU appliance. | Access control to the conference scheduling system must be exercised and limited to authorized individuals. This is accomplished in different ways depending upon the access method. Scheduling... |
V-17688 | Medium | Passwords are displayed in clear text when logging onto a VTU. | As any information is entered on a keyboard, the keyboard sends each keystroke to the processing unit which, typically, echoes the character represented by the keystroke to the display device as... |
V-43028 | Medium | An IDS/IPS must protect the IP-based VTC system within the enclave. | An enclave supporting an IP-based VTC system that must communicate across an IP WAN must be protected by the existing network IDS/IPS or by the implementation of an IDS/IPS that is dedicated to... |
V-17698 | Medium | Deficient SOP or enforcement regarding the use of software based virtual connection between the PC and the VTC CODEC. | VTC CODECs provide various means and methods to permit the display of presentations and various other forms of data to all of the endpoints in a conference. Typically, this involves connecting a... |
V-16557 | Medium | Administrative sessions with the VTU do not timeout within a maximum of 15 minutes. | An established and/or open configuration/administration (user or administrator) session that is inactive, idle, or unattended is an avenue for unauthorized access to the management port/interface... |
V-16564 | Medium | Deficient SOP or enforcement for VTC/CODEC streaming. | To control streaming from a VTU/CODEC, the site must have a policy and procedure regarding the use of streaming. This could be very simple if streaming will never be used or more complex if there... |
V-43021 | Medium | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels must be implemented in a manner such that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level. | Connecting the CODEC to a network while it is being reconfigured could lead to the disclosure of sensitive configuration information for a network having a higher classification level to a network... |
V-43020 | Medium | The A/B, A/B/C, or A/B/C/D switch within an IP-based VTC system supporting conferences on multiple networks having different classification levels must be based on optical technologies to maintain electrical isolation between the various networks to which it connects. | The A/B, A/B/C, or A/B/C/D switch is physically connected to multiple networks having different classification levels. Copper-based switches provide minimal or no electrical isolation due to... |
V-17683 | Medium | VTC media is not encrypted. | DoDI 8500.2 IA control ECCT-1 for “Enclave and Computing Environment/Encryption for Confidentiality (Sensitive Data in Transit)” states “Unclassified, sensitive data transmitted through a... |
V-17684 | Medium | VTU does not use or provide FIPS 140-2 validated encryption module. | The current DoD requirement for commercial grade encryption is that the encryption module, which includes a FIPS 197 validated encryption algorithm plus “approved functions” (i.e., key management... |
V-43024 | Medium | An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks having different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections such that only one CODEC is powered on or one CODEC is connected to any network at any given time. | If a VTC system is implemented using multiple CODECs, each connected to a network having a different classification level, along with an A/V switcher, a potential path exists through the CODECs... |
V-43043 | Medium | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences while implementing dialing capability from the CODEC must utilize an approved EIA-366-A dial isolator that disconnects the dialing channel between the CODEC and IMUX when the IMUX signals it is connected to another IMUX (i.e., the session is connected). | When dialing is performed from the CODEC, an EIA-366 connection is made between the CODEC and the IMUX to carry the dialing instructions to the IMUX which actually performs the dialing function.... |
V-17692 | Medium | Deficient SOP or enforcement of the SOP for manual password management. | DoD password and account management policies and requirements that are not supported by the CODEC must be addressed and enforced by a site policy or SOP that provides compliance to the greatest... |
V-16562 | Medium | No indicator is displayed on the VTU screen when CODEC streaming is activated. | It is imperative that the operator of a VTU know if his/her CODEC is streaming. This is due to the ease with which streaming can be activated accidentally or intentionally and that it can be... |
V-17716 | Medium | A VTU endpoint does not have the wireless LAN capability disabled. | The proper mitigation for the vulnerabilities discussed above is to disable the wireless capability available or included in a VTC endpoint. Typically, one would expect a configuration setting... |
V-17680 | Medium | Inadequate notification to conference participants (manual or automatic) of monitoring activity by someone that is not a direct participant in a VTC session/conference. | Monitoring of a conference or VTC system can be performed in various ways. This can be by accessing the monitoring capabilities of a particular VTU via IP as discussed above, or using a capability... |
V-17592 | Medium | Deficient SOP or enforcement for microphone and camera disablement when the VTU is required to be powered and inactive (in standby). | In the event that mission requirements dictate the VTU be in a powered-on state when inactive (thereby making RTS-VTC 1020 N/A or “Not a Finding”), other measures are required to mitigate the... |
V-17715 | Medium | VTC endpoints simultaneously connect to a wired LAN and a wireless LAN. | A consideration regarding wireless LAN capabilities in VTC endpoints is the possibility that, with some implementations, a VTU could be connected to a wired LAN while also supporting a wireless... |
V-17712 | Medium | User Guides and documentation packages have not been developed and distributed to users that operate and work with VTC endpoints. | User documentation packages should include user agreements, training documentation, and endpoint user guides that reiterate the training information and the agreed upon User Agreement policies. ... |
V-17713 | Medium | VTC systems must be logically or physically segregated on the LAN from data systems, other non-integrated voice communication (VoIP) systems, and by VTC system type. | A common and widely used practice in traditional LAN design is the use and implementation of VLANs (at layer 2) and IP subnets (at layer 3) to segregate services and organizational workgroups or... |
V-17710 | Medium | Deficient IA training for VTC system/endpoint users, administrators, and helpdesk representatives. | DoDI 8500.2 IA control PRTN-1 regarding “Personnel/Information Assurance Training” states “A program is implemented to ensure that upon arrival and periodically thereafter, all personnel receive... |
V-17681 | Medium | Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference. | Administrators or “operators/facilitators” that perform monitoring as discussed in this section must have an appropriate security clearance commensurate with or higher than the classification... |
V-17598 | Medium | Deficient SOP or enforcement regarding handling of incoming calls while in a conference. | Whether active or inactive, a VTU must display the source of an incoming call and the caller’s identity so that the user can decide to answer the call or not. This decision must also be based upon... |
V-17599 | Medium | Remote monitoring is not disabled while connected to an IP Network. | Some VTC endpoints support the capability for an administrator or facilitator to view or monitor the VTU location (i.e., the room where it is located) remotely via a web interface. Some VTUs... |
V-17717 | Medium | A VTU or conference room implemented using wireless components is not protected from external control or compromise | Conference room VTC systems, and particularly large ones, can require multiple microphones, cameras, and displays along with AV control systems. These systems typically require a significant... |
V-17682 | Medium | Far end camera control is not disabled. | Many VTC endpoints support Far End Camera Control (FECC). This feature uses H.281 protocol which must be supported by both VTUs. Typically, this is only available during an active VTC session but... |
V-17718 | Medium | VTC ports and protocols cross DoD/Enclave boundaries without prior registration in the DoD Ports and Protocols Database. | A portion of the DoDI 8550.1 PPS policy requires registration of those PPS that cross any of the boundaries defined by the policy that are “visible to DoD-managed components”. The following PPS... |
V-17719 | Medium | Access Control Measures are not implemented for all conferences hosted on a centralized MCU appliance. | Access control must be exercised over participants joining multipoint conferences. Attendees and/or endpoints must be pre-authorized or pre-registered. In this way, conference/meeting organizers... |
V-17691 | Medium | Classified VTU activated without unique user login | There are numerous DoD policy statements that require a user of a DoD IS to identify themselves to the IS so that it can authenticate and authorize the user before being used or before service is... |
V-17694 | Medium | Deficient user or administrator training regarding the vulnerabilities with, and operation of, CODEC streaming | In conjunction with the SOP for VTU/CODEC streaming, users must be trained in the vulnerabilities of streaming, how to recognize if their CODEC is streaming, and how to deactivate streaming if it... |
V-43035 | Medium | The IP-based VTC system must use H.235-based signaling encryption. | An IP/H.323-based VTC system as a whole (including CODECs, MCUs, Gatekeepers, Gateways, firewall traversal border elements, etc.) must implement H.235-based signaling encryption. H.235 has been... |
V-16560 | Medium | Use of media streaming is not documented properly or is not configured securely. | Media Streaming as it is related to VTC systems permits a VTU to engage in a normal IP or ISDN connected conference with other VTUs while broadcasting (streaming) the conference audio and video to... |
V-43030 | Medium | The IP-based VTC system must authenticate to an H.323 Gatekeeper or VVoIP session/call controller. | An IP-based VTC system must authenticate itself to an H.323 Gatekeeper or VVoIP session/call controller for the purposes of access control, authorization, and WAN access bandwidth management. An... |
V-17591 | Medium | Deficient SOP or enforcement regarding how to power-off the VTU when it is not actively participating in a conference. | When the VTU is not active, it is best to power it off to mitigate its vulnerabilities. This may not be practical, particularly if the VTU is intended, or required, to receive un-scheduled... |
V-43025 | Medium | The implementation of an IP-based VTC system supporting conferences on multiple networks having different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks having differing classification levels in accordance with NSTISSAM TEMPEST-2-95, RED/BLACK installation guidance. | Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnetic signals emanations. Security categories or classifications of... |
V-17714 | Medium | VTC endpoint connectivity is established via an unapproved DoD Wireless LAN infrastructure | In the event wireless LAN connectivity is to be used for VTC endpoints, it must be implemented via an established and approved wireless LAN infrastructure which is configured, along with its... |
V-43038 | Medium | The operator of an ISDN-based VTC system utilizing a Type 1 encryptor for classified sessions must ensure any removable Keying Material (KEYMAT) (e.g., Cryptographic Ignition Key (CIK)) for the encryptor is secured in an appropriate secure facility or GSA-approved container when the system is not in use. | Removable Keying Material (KEYMAT) and each CIK must be handled in accordance with the Operational Security Doctrine of the encryptor as well as all applicable policies and guidance, such as the... |
V-17685 | Medium | VTU encryption indicator is not enabled. | In support of the need for encryption and the need for the VTU user to be aware that in fact his/her conference session is being encrypted, the VTU must display an indicator that encryption is... |
V-43022 | Medium | The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must be Common Criteria certified. | Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable... |
V-17699 | Medium | A CODEC's local Application Programmers Interface (API) provides unrestricted access to user or administrator configuration settings and CODEC controls without the use of an appropriate password. | Large conference room VTC systems may be built into the conference room in such a way that a hand-held remote control cannot directly access or control the CODEC because it is located in another... |
V-17593 | Medium | Deficient VTU sleep mode configuration or operation. | Sleep mode is the power conservation and semi-disabled state that some VTUs can enter after being on standby for a period of time. While in sleep mode, the VTU is still minimally powered and... |
V-43018 | Medium | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds. | Volatile memory requires power to maintain the stored information. It retains its contents while powered, but when power is interrupted, stored data is immediately lost. Dynamic random-access... |
V-17686 | Medium | Deficient SOP or enforcement for user validation that encryption is on when required | When encryption is enabled via automatic/negotiate, and one endpoint does not support encryption or supports DES and not AES, the entire conference defaults to the lower capability level. This is... |
V-43019 | Medium | IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must sanitize non-volatile memory while transitioning between networks by overwriting all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network. | A factory reset is the software restore of an electronic device to its original system state by erasing all of the information stored on the device to restore the device to its original factory or... |
V-17693 | Medium | Deficient SOP or enforcement of One Time Use local meeting password | A “local meeting password” must be used one time only. Once any meeting password is distributed to conferees, it is known by them. If a different and unique meeting password is not used for... |
V-17594 | Medium | Inadequate display of an incoming call notification such that the VTU user can make an informed decision to answer the call or not. | In the event that mission requirements dictate the VTU be in a powered-on state when inactive the VTU becomes available to receive incoming calls (except possibly when sleeping). Additionally, if... |
V-17690 | Medium | Different VTU passwords are not used for different VTU functions. | Passwords are required for access control to various functions provided by a VTU. The following is a list of possible functions: 1. Local user device use/activation (not typically supported). 2.... |
V-43049 | Medium | ISDN-based VTC equipment supporting secure (classified) and non-secure (unclassified) conferences which implement dial isolators and A/B switches must meet minimum port-to-port isolation standards. | ISDN-based VTC system A/B switches, Dial Isolators, and/or other devices used to interface between RED and BLACK circuits/equipment shall exhibit the following port-to-port isolation... |
V-17695 | Medium | CODEC streaming is not disabled when it is not required. | When a CODEC is not required to be streaming, the capability will be disabled. The preferred method for this is via an administrator configurable setting. Both user activation and remote start... |
V-17589 | Low | VTC endpoints and other VTC system components do not comply with DoD 8500.2 IA Controls. | DoD user/administrator account and password requirements are defined by the DoDI 8500.2 IA control IAIA-1, IAIA-2, IAAC-1, IAGA-1, as well as JTF-GNO Command Tasking Order (CTO) 06-02 as amended... |
V-43045 | Low | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences must be cabled to maintain a minimum of 5 or 15 centimeters RED/BLACK separation on either side of the Type 1 encryptor and the dial isolator (depending on the TEMPEST zone). | Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnetic signals emanations. Security categories or classifications of... |
V-43023 | Low | The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must be TEMPEST certified. | National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST-2-95 and other similar documents provide the requirements and installation guidelines... |
V-17595 | Low | Auto-answer feature is not administratively disabled. | Some VTC endpoints have a user selectable feature that provides the capability to automatically answer an incoming call. This would be akin to your speakerphone picking up a call each time the... |
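Many of the endpoint rows above (V-17701 cleartext management protocols, V-17702 unused protocols, V-17703 SNMP, V-17704 address restriction, V-16557 idle timeout, V-17595 auto-answer, V-17682 FECC, V-17599 remote monitoring, V-17695 and V-16562 streaming, V-17716 and V-17715 wireless, V-17683/V-17684/V-17685 media encryption) describe a configuration state that can be checked mechanically. The following is an added example, not part of the STIG and not any vendor's tooling: it audits a CODEC configuration export against those rows and prints one finding per failed rule. The configuration schema (key names and values) is constructed and hypothetical; a real CODEC exposes these settings under vendor-specific names and they have to be mapped onto this schema first. The "as shipped" and "hardened" configurations are likewise constructed samples.

```python
"""Audit a VTU/CODEC configuration export against the endpoint-hardening rows above.
Added example, not from the STIG or any vendor: the configuration schema (key names and
values) is constructed and hypothetical; map a real CODEC's settings onto it before use."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Any, Dict, List

SEVERITY = {  # copied from the table above
    "V-17701": "Medium", "V-17702": "Medium", "V-17703": "Medium", "V-17704": "Medium",
    "V-16557": "Medium", "V-17595": "Low", "V-17682": "Medium", "V-17599": "Medium",
    "V-17695": "Medium", "V-16562": "Medium", "V-17716": "Medium", "V-17715": "Medium",
    "V-17683": "Medium", "V-17684": "Medium", "V-17685": "Medium"}
CLEARTEXT_MGMT = {"telnet", "ftp", "http"}  # credentials and config cross the LAN in the clear
MAX_IDLE_SECONDS = 15 * 60                  # V-16557 ceiling for an idle admin session
MUST_BE_OFF = [                             # (config key, rule, detail) for simple on/off features
    ("auto_answer", "V-17595", "auto-answer not administratively disabled"),
    ("far_end_camera_control", "V-17682", "far end camera control (H.281) enabled"),
    ("remote_monitoring", "V-17599", "remote room monitoring enabled while on an IP network"),
]

@dataclass(frozen=True)
class Finding:
    vuln_id: str
    severity: str
    detail: str

def open_to_world(acl: List[str]) -> bool:
    # An empty ACL or any /0 entry means access is not restricted by address (V-17704).
    return not acl or any(ip_network(c, strict=False).prefixlen == 0 for c in acl)

def audit_endpoint(cfg: Dict[str, Any]) -> List[Finding]:
    hits: List[Finding] = []

    def flag(vid: str, detail: str) -> None:
        hits.append(Finding(vid, SEVERITY[vid], detail))

    for name, svc in cfg["management_services"].items():
        if not svc["enabled"]:
            continue
        if name in CLEARTEXT_MGMT:
            flag("V-17701", f"cleartext management protocol enabled: {name}")
        if not svc["required"]:
            flag("V-17702", f"management protocol enabled but not required: {name}")
    snmp = cfg["snmp"]
    if snmp["enabled"]:
        if snmp["version"] != "v3":  # v1/v2c send community strings unauthenticated and in cleartext
            flag("V-17703", f"SNMP {snmp['version']} in use; only v3 provides authentication and privacy")
        if open_to_world(snmp["trap_targets"]):
            flag("V-17704", "SNMP trap destinations not restricted by address")
    if open_to_world(cfg["management_acl"]):
        flag("V-17704", "remote management not restricted to an address or subnet")
    idle = cfg["admin_idle_timeout_seconds"]
    if idle == 0 or idle > MAX_IDLE_SECONDS:  # 0 is read as "never times out"
        flag("V-16557", f"admin session idle timeout {idle}s exceeds {MAX_IDLE_SECONDS}s")
    for key, vid, detail in MUST_BE_OFF:
        if cfg[key]:
            flag(vid, detail)
    stream = cfg["streaming"]
    if stream["enabled"] and not stream["required"]:
        flag("V-17695", "CODEC streaming enabled with no requirement for it")
    if stream["enabled"] and not stream["on_screen_indicator"]:
        flag("V-16562", "streaming can be active with no on-screen indicator")
    wifi = cfg["wireless"]
    if wifi["enabled"]:
        flag("V-17716", "wireless LAN capability enabled")
        if wifi["wired_connected"]:
            flag("V-17715", "simultaneous wired and wireless LAN connection")
    enc = cfg["media_encryption"]
    if enc["mode"] == "off":
        flag("V-17683", "VTC media not encrypted")
    if not enc["fips140_validated"]:
        flag("V-17684", "encryption module is not FIPS 140-2 validated")
    if not enc["indicator"]:
        flag("V-17685", "encryption indicator not enabled")
    return hits

# Constructed samples: a CODEC roughly as it might ship, and the same unit after applying the rows above.
AS_SHIPPED = {
    "management_services": {"telnet": {"enabled": True, "required": False}, "ssh": {"enabled": True, "required": True},
                            "http": {"enabled": True, "required": False}, "https": {"enabled": True, "required": True}},
    "snmp": {"enabled": True, "version": "v2c", "trap_targets": ["10.20.30.5/32"]},
    "management_acl": ["10.20.30.0/24", "0.0.0.0/0"],
    "admin_idle_timeout_seconds": 1800,
    "auto_answer": True, "far_end_camera_control": True, "remote_monitoring": True,
    "streaming": {"enabled": True, "required": False, "on_screen_indicator": False},
    "wireless": {"enabled": True, "wired_connected": True},
    "media_encryption": {"mode": "auto", "fips140_validated": False, "indicator": True},
}
HARDENED = {
    "management_services": {"telnet": {"enabled": False, "required": False}, "ssh": {"enabled": True, "required": True},
                            "http": {"enabled": False, "required": False}, "https": {"enabled": True, "required": True}},
    "snmp": {"enabled": True, "version": "v3", "trap_targets": ["10.20.30.5/32"]},
    "management_acl": ["10.20.30.0/24"],
    "admin_idle_timeout_seconds": 600,
    "auto_answer": False, "far_end_camera_control": False, "remote_monitoring": False,
    "streaming": {"enabled": False, "required": False, "on_screen_indicator": True},
    "wireless": {"enabled": False, "wired_connected": True},
    "media_encryption": {"mode": "aes", "fips140_validated": True, "indicator": True},
}

if __name__ == "__main__":
    print(*(f"{f.vuln_id} [{f.severity}] {f.detail}" for f in audit_endpoint(AS_SHIPPED)), sep="\n")
```

The audit is deliberately structural: it reports a `/0` management ACL entry, SNMP below v3, or an enabled but unrequired protocol without needing to know the vendor's syntax, which is the part that changes between CODEC models. Rows that are satisfied by an SOP, a signed agreement or a clearance (V-17692, V-17711, V-17681 and similar) are not checkable this way and stay with the manual review.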
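V-17713 requires VTC components to be segregated from data systems, from non-integrated VoIP, and from each other by VTC system type, using VLANs at layer 2 and IP subnets at layer 3. The check below is an added example, not from the STIG: given a host inventory and the subnet assigned to each VLAN, it reports VLANs where VTC endpoints share a broadcast domain with data or VoIP hosts, VLANs that mix VTC system types, hosts addressed outside their VLAN's subnet, and VLANs whose subnets overlap (which makes the layer 3 separation nominal). The inventory, VLAN numbers, addresses and role labels are all constructed for the example.

```python
"""Check VLAN/subnet segregation of VTC components (V-17713).
Added example, not from the STIG; inventory, VLAN numbers and role labels are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

Host = Tuple[str, int, str, str]   # (hostname, vlan, ip, role); VTC roles are "vtc:<system type>"
Finding = Tuple[str, int, str]     # (kind, vlan, detail)

def is_vtc(role: str) -> bool:
    return role.startswith("vtc:")

def segregation_findings(hosts: List[Host], subnets: Dict[int, str]) -> List[Finding]:
    out: List[Finding] = []
    nets = {vlan: ip_network(s) for vlan, s in subnets.items()}
    # Layer 3: two VLANs sharing address space are not actually separated.
    vlans = sorted(nets)
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if nets[a].overlaps(nets[b]):
                out.append(("overlapping-subnets", a, f"VLAN {a} {nets[a]} overlaps VLAN {b} {nets[b]}"))
    by_vlan: Dict[int, List[Host]] = defaultdict(list)
    for h in hosts:
        by_vlan[h[1]].append(h)
    for vlan, members in sorted(by_vlan.items()):
        roles = {h[3] for h in members}
        vtc_types = {r for r in roles if is_vtc(r)}
        others = roles - vtc_types
        # Layer 2: VTC must not share a VLAN with data or VoIP, nor with a different VTC system type.
        if vtc_types and others:
            out.append(("mixed-roles", vlan, f"VTC shares VLAN with {sorted(others)}"))
        if len(vtc_types) > 1:
            out.append(("mixed-vtc-types", vlan, f"multiple VTC system types: {sorted(vtc_types)}"))
        net = nets.get(vlan)
        for name, _, ip, _ in members:
            if net is None or ip_address(ip) not in net:
                out.append(("addr-outside-subnet", vlan, f"{name} {ip} not in VLAN {vlan} subnet {net}"))
    return out

# Constructed inventory: one conference-room H.323 system with an MCU, plus some things that
# should not be on its VLAN.
INVENTORY: List[Host] = [
    ("vtu-conf-room-1", 310, "10.31.0.11", "vtc:h323"),
    ("vtu-conf-room-2", 310, "10.31.0.12", "vtc:h323"),
    ("mcu-1",           310, "10.31.0.20", "vtc:h323"),
    ("vtu-desktop-7",   310, "10.31.0.45", "vtc:sip-softclient"),  # different VTC type, same VLAN
    ("ws-finance-3",    310, "10.31.0.99", "data"),                 # workstation on the VTC VLAN
    ("vtu-annex",       310, "10.32.0.40", "vtc:h323"),             # addressed from the VoIP subnet
    ("phone-2201",      320, "10.32.0.15", "voip"),
    ("ws-eng-12",       100, "10.10.4.31", "data"),
]
SUBNETS = {310: "10.31.0.0/24", 320: "10.32.0.0/24", 100: "10.10.4.0/22"}

if __name__ == "__main__":
    for kind, vlan, detail in segregation_findings(INVENTORY, SUBNETS):
        print(f"{kind:<20} VLAN {vlan}: {detail}")
```

Feed it the switch's VLAN membership table and the IPAM export rather than a hand-typed list; the point is that "VTC VLAN" is only meaningful if nothing else is in it and its subnet is unique.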