Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16106 | VVoIP 1105 | SV-17094r2_rule | Medium |
Description |
---|
Communications applications must be tested and subsequently certified and accredited for IA purposes. This includes the applications and any upgrades or patches. Since a UC soft client is typically supported by a larger VVoIP communications system, the security of the application will affect the security of the overall system. Therefore the C&A documentation for the UC soft client must be included in the C&A documentation for the overall VVoIP system. Subsequently the VVoIP system’s C&A documentation must be included in the C&A documentation for the LAN or enclave. |
STIG | Date |
---|---|
Voice Video Services Policy Security Technical Implementation Guide | 2019-01-09 |
Check Text ( C-17150r2_chk ) |
---|
Review the site documentation and confirm the UC soft client C&A documentation is included in the C&A documentation for the supporting VVoIP system. If the UC soft client C&A documentation is not included in the C&A documentation for the supporting VVoIP system, this is a finding. |
Fix Text (F-16211r2_fix) |
---|
Include the UC soft client C&A documentation in the C&A documentation for the supporting VVoIP system and update the Approval To Operate (ATO) with the UC soft client application. |