UCF STIG Viewer Logo

Voice Video Session Management Security Requirements Guide


Overview

Date Finding Count (53)
2017-12-28 CAT I (High): 0 CAT II (Med): 53 CAT III (Low): 0
STIG Description
This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-62091 Medium The Voice Video Session Manager must implement attack-resistant mechanisms for Voice Video endpoint registration.
V-62093 Medium The Voice Video Session Manager must uniquely identify each Voice Video endpoint device before registration.
V-62095 Medium The Voice Video Session Manager must use encryption for signaling and media traffic.
V-62097 Medium The Voice Video Session Manager must terminate all network connections associated with a communications session at the end of the session, or the session must be terminated after 15 minutes of inactivity.
V-62099 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must associate multilevel precedence and preemption (MLPP) attributes when exchanged between unified capabilities (UC) systems.
V-62079 Medium The Voice Video Session Manager must alert the ISSO and SA (at a minimum) in the event of a session (call) record system failure.
V-62143 Medium The Voice Video Session Manager must provide Fire and Emergency Services (FES) with the Automatic Number Identification (ANI) of the initiator of the call.
V-62061 Medium The Voice Video Session Manager must produce session (call) records containing when (date and time) the connection was established.
V-62141 Medium The Voice Video Session Manager must route Fire and Emergency Services (FES) communications as a priority call in a non-blocking manner.
V-62049 Medium The Voice Video Session Manager must automatically disable Voice Video endpoint user access after a 35 day period of account inactivity.
V-62147 Medium The Voice Video Session Manager must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, Communication Tasking Orders (CTOs), and DTMs.
V-62145 Medium The Voice Video Session Manager must provide Fire and Emergency Services (FES) with the Automatic Location Identification (ALI) of the initiator of the call.
V-62067 Medium The Voice Video Session Manager must produce session (call) records containing where (location) the connection originated.
V-62069 Medium The Voice Video Session Manager must produce session (call) records containing the identity of the initiator of the call.
V-62149 Medium The Voice Video Session Manager must apply 802.1Q VLAN tags to signaling and media traffic.
V-62129 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must associate multilevel precedence and preemption (MLPP) attributes when exchanged between unified capabilities (UC) system components.
V-62137 Medium The Voice Video Session Manager must implement NIST FIPS-validated cryptography to generate cryptographic hashes and to protect sensitive unclassified information.
V-62109 Medium The Voice Video Session Manager must restrict Voice Video endpoint user access outside of operational hours.
V-62107 Medium The Voice Video Session Manager must generate session (call) records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information.
V-62105 Medium The Voice Video Session Manager must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
V-62103 Medium The Voice Video Session Manager must protect the authenticity of communications sessions.
V-62127 Medium The Voice Video Session Manager must provide an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences (excluding audio-only teleconferences using traditional telephony).
V-62119 Medium The Voice Video Session Manager must provide centralized management of session (call) records.
V-62089 Medium The Voice Video Session Manager must only use of ports, protocols, and services allowed per the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and Vulnerability Assessments (VAs).
V-62087 Medium The Voice Video Session Manager must be configured to disable non-essential capabilities.
V-62085 Medium The Voice Video Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.
V-62083 Medium The Voice Video Session Manager must protect session (call) records from unauthorized deletion.
V-62081 Medium The Voice Video Session Manager must protect session (call) records from unauthorized modification.
V-62121 Medium The Voice Video Session Manager must off-load session (call) records onto a different system or storage media.
V-62063 Medium The Voice Video Session Manager must produce session (call) records containing when (date and time) the connection was terminated.
V-71689 Medium The Voice Video Session Manager used for unclassified communication within a Sensitive Compartmented Information Facility (SCIF) or Special Access Program Facility (SAPF) must be configured in accordance with the Committee on National Security Systems Instruction (CNSSI) 5000.
V-62115 Medium The Voice Video Session Manager in support of Communications Assistance for Law Enforcement Act (CALEA) must provide the capability for authorized users to remotely view/hear, in real time, all content related to an established user session from a separate monitoring component.
V-71685 Medium The Voice Video Session Manager must authenticate each Voice Video peer (trunk) before registration.
V-71687 Medium The Voice Video Session Manager must require Voice Video peers (trunks) to re-register at least every hour.
V-62123 Medium The Voice Video Session Manager must require Voice Video endpoints to re-register at least every three (3) hours.
V-71683 Medium The Voice Video Session Manager must be configured to obfuscate passwords within configuration files.
V-62151 Medium The Voice Video Session Manager must use a voice or video VLAN, separate from all other VLANs.
V-62071 Medium The Voice Video Session Manager must produce session (call) records containing the outcome (status) of the connection.
V-62135 Medium The Voice Video Session Manager must protect the integrity of transmitted configuration files, signaling, and media streams.
V-62077 Medium The Voice Video Session Manager must produce session (call) records containing the identity of the users and identifiers associated with the session.
V-62133 Medium The Voice Video Session Manager must protect the confidentiality of transmitted configuration files, signaling, and media streams.
V-62131 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must limit and reserve bandwidth based on priority of the traffic type.
V-62055 Medium The Voice Video Session Manager must control flow within the enclave based on approved dial plans.
V-62125 Medium The Voice Video Session Manager must authenticate each Voice Video endpoint devices before registration.
V-62057 Medium The Voice Video Session Manager must control flow outside the enclave based on approved dial plans.
V-62051 Medium The Voice Video Session Manager must enforce registration of only approved Voice Video endpoints prior to operation.
V-62053 Medium The Voice Video Session Manager must disable (prevent) auto-registration of Voice Video endpoints.
V-62139 Medium The Voice Video Session Manager must prohibit remote activation of collaborative computing devices (excluding centrally managed, dedicated videoconference suites located in approved videoconference locations).
V-62101 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must validate the integrity of transmitted multilevel precedence and preemption (MLPP) attributes.
V-62059 Medium The Voice Video Session Manager must produce session (call) records containing the type of session connection.
V-62117 Medium In the event of a system failure, Voice Video Session Managers must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
V-62111 Medium The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint user access.
V-62113 Medium The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint device access.