Voice Video Session Management Security Requirements Guide


Overview

Date: 2020-09-04
Finding Count (52): CAT I (High): 10, CAT II (Med): 42, CAT III (Low): 0
STIG Description
This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-206827 High The Voice Video Session Manager must only use ports, protocols, and services allowed per the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and Vulnerability Assessments (VAs).
V-206831 High The Voice Video Session Manager must terminate all network connections associated with a communications session at the end of the session, or the session must be terminated after 15 minutes of inactivity.
V-206852 High The Voice Video Session Manager must protect the integrity of transmitted configuration files, signaling, and media streams.
V-206811 High The Voice Video Session Manager must enforce registration of only approved Voice Video endpoints prior to operation.
V-206812 High The Voice Video Session Manager must disable (prevent) auto-registration of Voice Video endpoints.
V-206851 High The Voice Video Session Manager must protect the confidentiality of transmitted configuration files, signaling, and media streams.
V-206853 High The Voice Video Session Manager must implement NIST FIPS-validated cryptography to generate cryptographic hashes and to protect sensitive unclassified information.
V-206834 High The Voice Video Session Manager must protect the authenticity of communications sessions.
V-206830 High The Voice Video Session Manager must use encryption for signaling and media traffic.
V-206814 High The Voice Video Session Manager must control flow outside the enclave based on approved dial plans.
V-206821 Medium The Voice Video Session Manager must produce session (call) records containing the identity of the users and identifiers associated with the session.
V-206820 Medium The Voice Video Session Manager must produce session (call) records containing the outcome (status) of the connection.
V-206823 Medium The Voice Video Session Manager must protect session (call) records from unauthorized modification.
V-206822 Medium The Voice Video Session Manager must alert the ISSO and SA (at a minimum) in the event of a session (call) record system failure.
V-206825 Medium The Voice Video Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.
V-206824 Medium The Voice Video Session Manager must protect session (call) records from unauthorized deletion.
V-206826 Medium The Voice Video Session Manager must be configured to disable non-essential capabilities.
V-206829 Medium The Voice Video Session Manager must uniquely identify each Voice Video endpoint device before registration.
V-206828 Medium The Voice Video Session Manager must implement attack-resistant mechanisms for Voice Video endpoint registration.
V-206845 Medium The Voice Video Session Manager must require Voice Video peers to re-register (re-authenticate) at least every hour.
V-206849 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must associate multilevel precedence and preemption (MLPP) attributes when exchanged between unified capabilities (UC) system components.
V-206848 Medium The Voice Video Session Manager must provide an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences (excluding audio-only teleconferences using traditional telephony).
V-206839 Medium The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint user access.
V-206844 Medium The Voice Video Session Manager must require Voice Video endpoints to re-register at least every three (3) hours.
V-206846 Medium The Voice Video Session Manager must authenticate each Voice Video endpoint device before registration.
V-206843 Medium The Voice Video Session Manager must off-load session (call) records onto a different system or storage media.
V-206842 Medium The Voice Video Session Manager must provide centralized management of session (call) records.
V-206840 Medium The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint device access.
V-206810 Medium The Voice Video Session Manager must automatically disable Voice Video endpoint user access after a 35-day period of account inactivity.
V-206858 Medium The Voice Video Session Manager must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, Communication Tasking Orders (CTOs), and DTMs.
V-206819 Medium The Voice Video Session Manager must produce session (call) records containing the identity of the initiator of the call.
V-206818 Medium The Voice Video Session Manager must produce session (call) records containing where (location) the connection originated.
V-206855 Medium The Voice Video Session Manager must route Fire and Emergency Services (FES) communications as a priority call in a non-blocking manner.
V-206856 Medium The Voice Video Session Manager must provide Fire and Emergency Services (FES) with the Automatic Number Identification (ANI) of the initiator of the call.
V-206857 Medium The Voice Video Session Manager must provide Fire and Emergency Services (FES) with the Automatic Location Identification (ALI) of the initiator of the call.
V-206850 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must limit and reserve bandwidth based on priority of the traffic type.
V-206838 Medium The Voice Video Session Manager must restrict Voice Video endpoint user access outside of operational hours.
V-206836 Medium In the event of a system failure, Voice Video Session Managers must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
V-206837 Medium The Voice Video Session Manager must generate session (call) records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information.
V-206835 Medium The Voice Video Session Manager must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
V-206832 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must associate multilevel precedence and preemption (MLPP) attributes when exchanged between unified capabilities (UC) systems.
V-206833 Medium The Voice Video Session Manager supporting Command and Control (C2) communications must validate the integrity of transmitted multilevel precedence and preemption (MLPP) attributes.
V-206816 Medium The Voice Video Session Manager must produce session (call) records containing when (date and time) the connection was established.
V-206815 Medium The Voice Video Session Manager must produce session (call) records containing the type of session connection.
V-206817 Medium The Voice Video Session Manager must produce session (call) records containing when (date and time) the connection was terminated.
V-206854 Medium The Voice Video Session Manager must prohibit remote activation of collaborative computing devices (excluding centrally managed, dedicated videoconference suites located in approved videoconference locations).
V-206813 Medium The Voice Video Session Manager must control flow within the enclave based on approved dial plans.
V-206859 Medium The Voice Video Session Manager must be configured to obfuscate passwords within configuration files.
V-206847 Medium The Voice Video Session Manager must authenticate each Voice Video peer (trunk) before registration.
V-206861 Medium The Voice Video Session Manager must apply 802.1Q VLAN tags to signaling and media traffic or be in a private subnet.
V-206860 Medium The Voice Video Session Manager used for unclassified communication within a Sensitive Compartmented Information Facility (SCIF) or Special Access Program Facility (SAPF) must be configured in accordance with the Committee on National Security Systems Instruction (CNSSI) 5000.
V-206862 Medium The Voice Video Session Manager must use a voice or video VLAN, separate from all other VLANs.