Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62061 | SRG-NET-000075-VVSM-00031 | SV-76551r1_rule | Medium |
Description |
---|
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are generated from several components within the Voice Video system (e.g., session manager, session border control, gateway, gatekeeper, or endpoints). Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records. |
STIG | Date |
---|---|
Voice Video Session Management Security Requirements Guide | 2020-05-15 |
Check Text ( C-62865r1_chk ) |
---|
Verify the Voice Video Session Manager produces session records containing when (date and time) the connection was established. If the Voice Video Session Manager does not produce session records containing when (date and time) the connection was established, this is a finding. |
Fix Text (F-67981r1_fix) |
---|
Configure the Voice Video Session Manager to produce session records containing when (date and time) the connection was established. |