The Voice Video Endpoint must prevent installation of untrusted third-party software.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66797	SRG-NET-000512-VVEP-00058	SV-81287r1_rule		Medium

Description
Unauthorized third-party software is challenging the security posture of DoD. Most established vendors have developed a patch management process that prevents risk, resulting in an estimated 80 percent of threats arising from third-party software. Preventing users from installing third-party software limits organizational exposure. Additionally, preventing installation of untrusted software further reduces risk to the network. Vendors that prevent installation of all third-party software meet the intent of this requirement.

Description

Unauthorized third-party software is challenging the security posture of DoD. Most established vendors have developed a patch management process that prevents risk, resulting in an estimated 80 percent of threats arising from third-party software. Preventing users from installing third-party software limits organizational exposure. Additionally, preventing installation of untrusted software further reduces risk to the network. Vendors that prevent installation of all third-party software meet the intent of this requirement.

STIG	Date
Voice Video Endpoint Security Requirements Guide	2018-07-03

Details

Check Text ( C-67447r1_chk )
Verify the Voice Video Endpoint prevents installation of untrusted third-party software. If the Voice Video Endpoint does not prevent installation of untrusted third-party software, this is a finding.

Fix Text (F-72897r1_fix)
Configure the Voice Video Endpoint to prevent installation of untrusted third-party software.