Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62103 | SRG-NET-000230-VVSM-00023 | SV-76593r1_rule | Medium |
Description |
---|
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. This requirement focuses on communications protection for the application session rather than for the network packet and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. VC and UC require the use of TLS mutual authentication (two-way/bidirectional) for authenticity. |
STIG | Date |
---|---|
Voice Video Session Management Security Requirements Guide | 2016-06-28 |
Check Text ( C-62907r1_chk ) |
---|
Verify the Voice Video Session Manager protects the authenticity of communications sessions. If the Voice Video Session Manager does not protect the authenticity of communications sessions, this is a finding. |
Fix Text (F-68023r1_fix) |
---|
Configure the Voice Video Session Manager to protect the authenticity of communications sessions. |