UCF STIG Viewer Logo

The Voice Video Session Manager must protect the authenticity of communications sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206834 SRG-NET-000230-VVSM-00023 SV-206834r508661_rule High
Description
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. This requirement focuses on communications protection for the application session rather than for the network packet and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. VC and UC require the use of TLS mutual authentication (two-way/bidirectional) for authenticity.
STIG Date
Voice Video Session Management Security Requirements Guide 2020-09-04

Details

Check Text ( C-7089r364691_chk )
Verify the Voice Video Session Manager protects the authenticity of communications sessions.

If the Voice Video Session Manager does not protect the authenticity of communications sessions, this is a finding.
Fix Text (F-7089r364692_fix)
Configure the Voice Video Session Manager to protect the authenticity of communications sessions.