UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The stand alone or IP connected Voice mail system/server is not secured to applicable OS and DSN STIG guidance.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8253 VVoIP 1040 (GENERAL) SV-8739r1_rule ECSC-1 Low
Description
Voice mail services are subject to the guidance and requirements in the DSN STIG. Older voice mail systems/servers commonly use proprietary OSs while newer ones can be designed to run on common general-purpose operating systems, such as, Microsoft Windows, UNIX or Linux. If this is the case, steps should be taken to ensure that these general-purpose operating systems are secured in accordance to the appropriate STIG.
STIG Date
Voice / Video Services Policy STIG 2015-07-01

Details

Check Text ( C-23617r1_chk )
Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.).

Determine if the Voice Mail system/servers are based upon a general purpose OS for which there is a STIG or checklist.

Obtain a copy of the applicable OS and DSN SRR or Self Assessment results and review for compliance. If SRR results are not available, perform a review to determine if the STIGs have been applied.

This is a finding in the event it is evident that the appropriate STIGs have not been applied. This check is not intended to determine if the asset is in full compliance

Fix Text (F-20134r1_fix)
Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.).

Secure all Voice Mail systems/servers supporting the telephony environment. Apply the DSN STIG and all applicable OS STIGs (i.e., UNIX, Microsoft Windows, etc.) and ensure compliance with applicable STIG guidelines.