User Guides and documentation packages have not been developed and distributed to users that operate and work with VTC endpoints.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17712	RTS-VTC 3740.00	SV-18886r1_rule	PRTN-1	Medium

Description
User documentation packages should include user agreements, training documentation, and endpoint user guides that reiterate the training information and the agreed upon User Agreement policies. The Endpoint User Guides should also provide additional information to include system or device operations, usage procedures for features, and IA measures as required to address the protection of both meeting related and non-meeting related information Note: This requirement is supported by DoDI 8500.2 IA control PRRB-1 discussed above.

Description

User documentation packages should include user agreements, training documentation, and endpoint user guides that reiterate the training information and the agreed upon User Agreement policies. The Endpoint User Guides should also provide additional information to include system or device operations, usage procedures for features, and IA measures as required to address the protection of both meeting related and non-meeting related information Note: This requirement is supported by DoDI 8500.2 IA control PRRB-1 discussed above.

STIG	Date
Video Teleconference STIG	2014-02-11

Details

Check Text ( C-18982r1_chk )
[IP][ISDN]; Interview the IAO and validate compliance with the following requirement: Ensure a user’s guide and documentation package is developed and distributed to user’s of VTC endpoints to include conference room systems that provides the following information: - Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one. - Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2. - Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information An example of a user’s guide brochure is included in Appendix E of the VTC STIG. The specifics relating to the brochure’s development and the environment it addresses are noted in the appendix. It may not fully satisfy the requirement. Such a brochure can constitute one part of a larger user’s guide or could be modified to fully meet the requirement. Inspect the user’s guide and documentation package for content and its existence. Interview a random sampling of users regarding their possession and use of the user’s guide This is a finding if the user’s guide is not distributed or its content is deficient with regard to the items in the requirement.

Check Text ( C-18982r1_chk )

[IP][ISDN]; Interview the IAO and validate compliance with the following requirement:

Ensure a user’s guide and documentation package is developed and distributed to user’s of VTC endpoints to include conference room systems that provides the following information:
- Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one.
- Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2.
- Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained.
- Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained.
- Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information

An example of a user’s guide brochure is included in Appendix E of the VTC STIG. The specifics relating to the brochure’s development and the environment it addresses are noted in the appendix. It may not fully satisfy the requirement. Such a brochure can constitute one part of a larger user’s guide or could be modified to fully meet the requirement.

Inspect the user’s guide and documentation package for content and its existence.
Interview a random sampling of users regarding their possession and use of the user’s guide
This is a finding if the user’s guide is not distributed or its content is deficient with regard to the items in the requirement.

Fix Text (F-17609r1_fix)
[IP][ISDN]; Perform the following tasks: Ensure a user’s guide and documentation package is developed and distributed to user’s of VTC endpoints to include conference room systems that provides the following information: - Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one. - Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2. - Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained. - Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information An example of a user’s guide brochure is included in Appendix E of the VTC STIG. The specifics relating to the brochure’s development and the environment it addresses are noted in the appendix. It may not fully satisfy the requirement. Such a brochure can constitute one part of a larger user’s guide or could be modified to fully meet the requirement.

Fix Text (F-17609r1_fix)

[IP][ISDN]; Perform the following tasks:
Ensure a user’s guide and documentation package is developed and distributed to user’s of VTC endpoints to include conference room systems that provides the following information:
- Reiterates the policies and restrictions agreed to when the user’s agreement was signed upon receiving the VTC endpoint of authorization to use one.
- Provides cautions and notice of the non-assured nature of VTC communications so that C2 users are aware and reminded regarding the use of this communications media for C2.
- Provides instruction regarding the proper and safe use of a VTC endpoint’s or conference room system’s audio and video capabilities such that the appropriate confidentiality of meeting related and non-meeting related information is maintained.
- Provides instruction regarding the proper and safe use of document and desktop sharing when using a PC connected to a VTC endpoint such that the appropriate confidentiality of meeting related and non-meeting related information is maintained.
- Provides instruction regarding the safeguarding of meeting related and non-meeting related sensitive and/or classified information

An example of a user’s guide brochure is included in Appendix E of the VTC STIG. The specifics relating to the brochure’s development and the environment it addresses are noted in the appendix. It may not fully satisfy the requirement. Such a brochure can constitute one part of a larger user’s guide or could be modified to fully meet the requirement.