Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16091 | VVoIP 1330 (GENERAL) | SV-17079r1_rule | DCBP-1 ECSC-1 PRTN-1 | Low |
Description |
---|
User agreements must be accompanied with a combination of user training and user guides that will reiterate the agreed to policies and prohibitions. The training and guides should also provide additional information such as how to operate a system or device and implement certain features and IA measures as required. A user guide would be extremely helpful in providing information to the user for the proper usage of PC based voice, video, UC, and collaboration communications applications and remote access implementations in general. An item that must not be forgotten in such a user guide is a discussion relating to the use of a PC based voice, video, UC, and collaboration communications applications for assured service C2 communications. Cautions and notice of the potential unreliable nature of these communications applications or methods must be included in user guides so that C2 users are aware, and reminded of, the non-assured service nature of these communications methods. There are other topics that should be contained in a user guide serving this purpose. One such topic is the use of a “webcam” with hardware or software based VTU, particularly when used in a classified environment. Another user guide topic is the possible use of speakerphone capabilities when using a hard or soft EI in environments where classified discussion or work occurs. |
STIG | Date |
---|---|
Voice/Video Services Policy STIG | 2014-04-07 |
Check Text ( C-17134r1_chk ) |
---|
Interview the IAO to validate compliance with the following requirement: Ensure a user guide is developed and distributed to users of PC based voice, video, UC, and collaboration communications applications that minimally provides the following information: - Reiterates the policies and restrictions agreed to when the user agreement was signed upon receiving the communications application. - Provides cautions and notice of the potential unreliable nature of PC communications applications so that C2 users are aware and reminded of the non-assured service nature of this communications media/method. - Provides instruction regarding the proper and safe use of webcams in general, and more specifically when used in a classified environment or where classified work is performed and/or classified material and information is displayed or used. - Provides instruction regarding the proper and safe use of speakerphone capabilities in general, and more specifically when using them in environments where classified discussion or work occurs. - Provides instruction regarding the proper and safe use of presentation, document, and desktop sharing. NOTE: this requirement is supported by DoDI 8500.2 IA control PRRB-1 discussed above. Inspect the user guide regarding the proper use of PC based voice, video, UC, and collaboration communications applications. Validate that user’s have been provided with this guide by interviewing a random sampling of users. The user’s guide should minimally provide the information listed in the requirement. This is a finding if the user guide is deficient in its content and/or the guide is not provided to users. |
Fix Text (F-16196r1_fix) |
---|
Ensure a user guide is developed and distributed to users of PC based voice, video, UC, and collaboration communications applications. Develop a users guide regarding the proper use of PC based voice, video, UC, and collaboration communications applications and distribute to users. The user’s guide should minimally provide the following information: - Reiterates the policies and restrictions agreed to when the user agreement was signed upon receiving the communications application. - Provides cautions and notice of the potential unreliable nature of PC communications applications so that C2 users are aware and reminded of the non-assured service nature of this communications media/method. - Provides instruction regarding the proper and safe use of webcams in general, and more specifically when used in a classified environment or where classified work is performed and/or classified material/information is displayed or used. - Provides instruction regarding the proper and safe use of speakerphone capabilities in general, and more specifically when using them in environments where classified discussion or work occurs. - Provides instruction regarding the proper and safe use of presentation, document, and desktop sharing. NOTE: this requirement is supported by DoDI 8500.2 IA control PRRB-1. |