The stand alone or IP connected Voice mail system/server is not secured to applicable OS and DSN STIG guidance.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-8253	VVoIP 1040 (GENERAL)	SV-8739r1_rule		Low

Description
Voice mail services are subject to the guidance and requirements in the DSN STIG. Older voice mail systems/servers commonly use proprietary OSs while newer ones can be designed to run on common general-purpose operating systems, such as, Microsoft Windows, UNIX or Linux. If this is the case, steps should be taken to ensure that these general-purpose operating systems are secured in accordance to the appropriate STIG.

Description

Voice mail services are subject to the guidance and requirements in the DSN STIG. Older voice mail systems/servers commonly use proprietary OSs while newer ones can be designed to run on common general-purpose operating systems, such as, Microsoft Windows, UNIX or Linux. If this is the case, steps should be taken to ensure that these general-purpose operating systems are secured in accordance to the appropriate STIG.

STIG	Date
Voice Video Services Policy STIG	2018-09-19

Details

Check Text ( C-23617r1_chk )
Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.). Determine if the Voice Mail system/servers are based upon a general purpose OS for which there is a STIG or checklist. Obtain a copy of the applicable OS and DSN SRR or Self Assessment results and review for compliance. If SRR results are not available, perform a review to determine if the STIGs have been applied. This is a finding in the event it is evident that the appropriate STIGs have not been applied. This check is not intended to determine if the asset is in full compliance

Check Text ( C-23617r1_chk )

Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.).

Determine if the Voice Mail system/servers are based upon a general purpose OS for which there is a STIG or checklist.

Obtain a copy of the applicable OS and DSN SRR or Self Assessment results and review for compliance. If SRR results are not available, perform a review to determine if the STIGs have been applied.

This is a finding in the event it is evident that the appropriate STIGs have not been applied. This check is not intended to determine if the asset is in full compliance

Fix Text (F-20134r1_fix)
Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.). Secure all Voice Mail systems/servers supporting the telephony environment. Apply the DSN STIG and all applicable OS STIGs (i.e., UNIX, Microsoft Windows, etc.) and ensure compliance with applicable STIG guidelines.