UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Voice Video Endpoint processing classified calls must be properly marked with the highest security level of the information being processed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-77281 SRG-NET-000311-VVEP-00062 SV-91977r1_rule Medium
Description
Without the association of security attributes to information, there is no basis for the network element to make security related access-control and flow-control decisions. Security attributes includes marking data as classified or FOUO. These security attributes may be assigned manually or during data processing but either way, it is imperative these assignments are maintained while the data is in process. If the security attributes are lost when the data is being processed, there is the risk of a data compromise. All hardware Voice Video endpoints processing classified calls, including phones and terminals, must be properly marked with the highest class-mark of the system. (Formerly DRSN 1098).
STIG Date
Voice Video Endpoint Security Requirements Guide 2017-12-28

Details

Check Text ( C-77083r1_chk )
If the Voice Video Endpoint is a soft client, this is Not Applicable.

If the Voice Video Endpoint does not process classified calls, this is Not Applicable.

Verify the Voice Video Endpoint processing classified calls is properly marked with the highest security level of the information being processed.

If the Voice Video Endpoint processing classified calls is not properly marked with the highest security level of the information being processed, this is a finding.
Fix Text (F-84169r1_fix)
Properly mark the Voice Video Endpoint processing classified calls with the highest security level of the information being processed.