UCF STIG Viewer Logo

The Voice Video Endpoint processing classified calls must be properly marked with the highest security level of the information being processed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206770 SRG-NET-000311-VVEP-00062 SV-206770r604140_rule Medium
Description
Without the association of security attributes to information, there is no basis for the network element to make security related access-control and flow-control decisions. Security attributes includes marking data as classified or FOUO. These security attributes may be assigned manually or during data processing but either way, it is imperative these assignments are maintained while the data is in process. If the security attributes are lost when the data is being processed, there is the risk of a data compromise. All hardware Voice Video endpoints processing classified calls, including phones and terminals, must be properly marked with the highest class-mark of the system. (Formerly DRSN 1098).
STIG Date
Voice Video Endpoint Security Requirements Guide 2020-12-04

Details

Check Text ( C-7026r363833_chk )
If the Voice Video Endpoint is a soft client, this is Not Applicable.

If the Voice Video Endpoint does not process classified calls, this is Not Applicable.

Verify the Voice Video Endpoint processing classified calls is properly marked with the highest security level of the information being processed.

If the Voice Video Endpoint processing classified calls is not properly marked with the highest security level of the information being processed, this is a finding.
Fix Text (F-7026r363834_fix)
Properly mark the Voice Video Endpoint processing classified calls with the highest security level of the information being processed.