STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

C2 and Special-C2 users are not aware of the assured service limitations of their PC based communications applications.

DISA Rule

SV-17057r1_rule

Vulnerability Number

V-16070

Group Title

Deficient C2 user Training: Non-AS of PC Comm apps

Rule Version

VVoIP 1300 (GENERAL)

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure C2 and Special-C2 users are made aware of the potential for unreliability and reduced availability of PC based communications for assured service/C2 communications in the various situations in which they might use their PC for this purpose. The IAO will additionally ensure C2 and Special-C2 users are made aware of the need for, and availability of, backup communications methods are available and provided in these various situations.

Implement training for C2 and Special-C2 users to provide awareness of the potential for unreliability and reduced availability of PC based communications for assured service / C2 communications in the various situations in which they might use their PC for this purpose.

Check Contents

Interview the IAO to validate compliance with the following requirement:

Ensure C2 and special-C2 users are made aware of the potential for unreliability and reduced availability of PC based communications for assured service/C2 communications in the various situations in which they might use their PC for this purpose. The IAO will additionally ensure C2 and Special-C2 users are made aware of the need for, and availability of, backup communications methods are available and provided in these various situations.

Additionally, interview a random sampling of C2 and special-C2 users to confirm their awareness. This is a finding in the event the users are unaware of the limitations of reliability and/or there is no attempt to make them aware.

Vulnerability Number

V-16070

Documentable

False

Rule Version

VVoIP 1300 (GENERAL)

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:

Ensure C2 and special-C2 users are made aware of the potential for unreliability and reduced availability of PC based communications for assured service/C2 communications in the various situations in which they might use their PC for this purpose. The IAO will additionally ensure C2 and Special-C2 users are made aware of the need for, and availability of, backup communications methods are available and provided in these various situations.

Additionally, interview a random sampling of C2 and special-C2 users to confirm their awareness. This is a finding in the event the users are unaware of the limitations of reliability and/or there is no attempt to make them aware.

Check Content Reference

I

Potential Impact

The reliance of C2 and Special-C2 users on this method of communications for assured service communications when assured service failure is highly likely.

Responsibility

Information Assurance Manager

Target Key

594

Comments