Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16089 | VVoIP 1305 (GENERAL) | SV-17077r1_rule | DCBP-1 ECSC-1 PRTN-1 | Medium |
Description |
---|
Users of PC based voice, video, UC, and collaboration communications applications must be aware of, and trained in, the various aspects of the application’s safe and proper use. They must also be aware of the application or service vulnerabilities and the mitigations for them. This awareness is supported by a combination of user training in the use of the application and any associated accessories as well as its limitations and vulnerabilities. Training is subsequently acknowledged through the signing of user agreements and bolstered by the distribution and utilization of user guides. |
STIG | Date |
---|---|
Voice/Video Services Policy STIG | 2014-04-07 |
Check Text ( C-17132r1_chk ) |
---|
Interview the IAO to validate compliance with the following requirement: Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides. Ask the IAO about the training provided to users about the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Inspect training materials for the content contained in user agreements. This is a finding if the training materials do not address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. |
Fix Text (F-16194r1_fix) |
---|
Ensure training materials are developed and PC based voice, video, UC, and collaboration communications application users are trained in, and aware of, various aspects of the application’s safe and proper use as well as the application or service vulnerabilities. Training will include all items contained in user agreements and user guides. Develop training materials that address the contents of the user agreements and the various aspects of the application’s safe and proper use as well as the application or service vulnerabilities |