Deficient training or training materials addressing secure PC communications client application usage.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16089	VVoIP 1305 (GENERAL)	SV-17077r1_rule		Medium

Description
Users of PC based voice, video, UC, and collaboration communications applications must be aware of, and trained in, the various aspects of the application’s safe and proper use. They must also be aware of the application or service vulnerabilities and the mitigations for them. This awareness is supported by a combination of user training in the use of the application and any associated accessories as well as its limitations and vulnerabilities. Training is subsequently acknowledged through the signing of user agreements and bolstered by the distribution and utilization of user guides.

Description

Users of PC based voice, video, UC, and collaboration communications applications must be aware of, and trained in, the various aspects of the application’s safe and proper use. They must also be aware of the application or service vulnerabilities and the mitigations for them. This awareness is supported by a combination of user training in the use of the application and any associated accessories as well as its limitations and vulnerabilities. Training is subsequently acknowledged through the signing of user agreements and bolstered by the distribution and utilization of user guides.

STIG	Date
Voice Video Services Policy Security Technical Implementation Guide	2019-09-27

Details

Check Text ( C-17132r1_chk )
Interview the IAO to validate compliance with the following requirement: Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides. Ask the IAO about the training provided to users about the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Inspect training materials for the content contained in user agreements. This is a finding if the training materials do not address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities.

Check Text ( C-17132r1_chk )

Interview the IAO to validate compliance with the following requirement:

Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides.

Ask the IAO about the training provided to users about the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Inspect training materials for the content contained in user agreements.

This is a finding if the training materials do not address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities.

Fix Text (F-16194r1_fix)
Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides. Develop training materials that address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities

Fix Text (F-16194r1_fix)

Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides.

Develop training materials that address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities