The stand alone or IP connected Voice mail system/server is not secured to applicable OS and DSN STIG guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-8253 | VVoIP 1040 (GENERAL) | SV-8739r1_rule | ECSC-1 | Low |
| Description |
|---|
| Voice mail services are subject to the guidance and requirements in the DSN STIG. Older voice mail systems/servers commonly use proprietary OSs while newer ones can be designed to run on common general-purpose operating systems, such as, Microsoft Windows, UNIX or Linux. If this is the case, steps should be taken to ensure that these general-purpose operating systems are secured in accordance to the appropriate STIG. |
| STIG | Date |
|---|---|
| Voice/Video Services Policy STIG | 2014-04-07 |
Details
| Check Text ( C-23617r1_chk ) |
|---|
| Interview the IAO and review site documentation to confirm compliance with the following requirement: Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.). Determine if the Voice Mail system/servers are based upon a general purpose OS for which there is a STIG or checklist. Obtain a copy of the applicable OS and DSN SRR or Self Assessment results and review for compliance. If SRR results are not available, perform a review to determine if the STIGs have been applied. This is a finding in the event it is evident that the appropriate STIGs have not been applied. This check is not intended to determine if the asset is in full compliance |
| Fix Text (F-20134r1_fix) |
|---|
| Ensure all systems/servers hosting the Voice Mail Service are properly secured in accordance with the DSN STIG and applicable OS STIG (i.e., Windows, Unix, etc.). Secure all Voice Mail systems/servers supporting the telephony environment. Apply the DSN STIG and all applicable OS STIGs (i.e., UNIX, Microsoft Windows, etc.) and ensure compliance with applicable STIG guidelines. |