UCF STIG Viewer Logo

The Unified Capabilities (UC) soft client Certification and Accreditation (CA) documentation must be included in the CA documentation for the supporting VVoIP system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16106 VVoIP 1105 SV-17094r2_rule Medium
Description
Communications applications must be tested and subsequently certified and accredited for IA purposes. This includes the applications and any upgrades or patches. Since a UC soft client is typically supported by a larger VVoIP communications system, the security of the application will affect the security of the overall system. Therefore the C&A documentation for the UC soft client must be included in the C&A documentation for the overall VVoIP system. Subsequently the VVoIP system’s C&A documentation must be included in the C&A documentation for the LAN or enclave.
STIG Date
Voice Video Services Policy Security Technical Implementation Guide 2019-09-27

Details

Check Text ( C-17150r2_chk )
Review the site documentation and confirm the UC soft client C&A documentation is included in the C&A documentation for the supporting VVoIP system. If the UC soft client C&A documentation is not included in the C&A documentation for the supporting VVoIP system, this is a finding.
Fix Text (F-16211r2_fix)
Include the UC soft client C&A documentation in the C&A documentation for the supporting VVoIP system and update the Approval To Operate (ATO) with the UC soft client application.