UCF STIG Viewer Logo

The Voice Video Endpoint must produce session (call detail) records containing the identity of all users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206757 SRG-NET-000079-VVEP-00026 SV-206757r604140_rule Medium
Description
Session records are commonly produced by session management and border elements. Many Voice Video Endpoints are not capable of providing session records and instead rely on session management and border elements. Voice video endpoints capable of producing session records provide supplemental confirmation of monitored events. Voice video endpoints that communicate beyond these defined environments must generate session records. Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records. Detailed records are typically produced by the session manager but can be augmented by non-telephone endpoint records.
STIG Date
Voice Video Endpoint Security Requirements Guide 2020-12-04

Details

Check Text ( C-7013r363794_chk )
If the Voice Video Endpoint relies exclusively on the Voice Video Session Manager for session records and does not have any capability for generating session records, this check procedure is Not Applicable.

Verify the Voice Video Endpoint produces session records containing the identity of all users on the call.

If the Voice Video Endpoint does not produce session records containing the identity of all users on the call, this is a finding.
Fix Text (F-7013r363795_fix)
Configure the Voice Video Endpoint to produce session records containing the identity of all users on the call.