UCF STIG Viewer Logo

The Voice Video Endpoint used for videoconferencing must use multifactor authentication for network access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206762 SRG-NET-000140-VVEP-00032 SV-206762r604140_rule Medium
Description
To assure accountability and prevent unauthenticated access, users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) Something you know (e.g., password/PIN); (ii) Something you have (e.g., cryptographic identification device, token); or (iii) Something you are (e.g., biometric). Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection. The DoD CAC with DoD-approved PKI is an example of multifactor authentication. This does not apply to authentication for the purpose of configuring the device itself (i.e., device management).
STIG Date
Voice Video Endpoint Security Requirements Guide 2020-12-04

Details

Check Text ( C-7018r588382_chk )
If the Voice Video Endpoint is a hardware endpoint, this check procedure is Not Applicable.

Verify the Voice Video Endpoint used for videoconferencing uses multifactor authentication for network access.

If the Voice Video Endpoint used for videoconferencing does not use multifactor authentication for network access, this is a finding.
Fix Text (F-7018r363810_fix)
Configure the Voice Video Endpoint used for videoconferencing to use multifactor authentication for network access.