STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-17063r2_rule
V-16076
Microphone operations policy
VVT/VTC 1905
CAT II
10
Ensure a policy and procedure is in place and enforced that addresses the placement and operation of hardware based voice and video communications devices and PC based voice, video, UC, and collaboration communications applications with regard to their audio pickup and broadcast capabilities in relation to the sensitivity of the information communicated. Operational policy and procedures must be included in user training and guides.
Produce an SOP that addresses the operation of hardware based voice and video communications devices and PC based voice, video, UC, and collaboration communications applications with regard to their audio pickup and broadcast capabilities in relation to the sensitivity of the information communicated.
Such an SOP could or should include policy on the use of headsets containing short range microphones and earphones in lieu of long range microphones and speakers in an open office environment. It could or should address the volume settings of speakers such that the session information is not heard by non-participants in a work area. It could or should also address the potential for the pickup of non-session related conversations in the work area.
Provide appropriate training such that users follow the SOP. Enforce user compliance with the SOP.
Interview the ISSO to validate compliance with the following requirement:
Ensure a policy and procedure is in place and enforced that addresses the placement and operation of hardware based voice and video communications devices and PC based voice, video, UC, and collaboration communications applications with regard to their audio pickup and broadcast capabilities in relation to the sensitivity of the information communicated. Operational policy and procedures are included in user training and guides.
NOTE: This SOP should take into account the classification of the area where the Video Teleconferencing Unit (VTU) or PC supporting a PC based voice, video, UC, and collaboration communications applications is installed as well as the classification and need-to-know restraints of the information generally communicated via the facility or specific VTU. Along with those mentioned above, measures should be included such as closing office or conference room doors; muting of microphones before and after conference sessions, and during conference breaks; volume levels in open offices as well as muting the microphone when not speaking.
Inspect the applicable SOP.
Such an SOP should include policy on the use of headsets containing short range microphones and earphones in lieu of long range microphones and speakers in an open office environment. It should address the volume settings of speakers such that the session information is not heard by non-participants in a work area. It should also address the potential for the pickup of non-session related conversations in the work area. This requirement should also discuss Bluetooth, DECT/DECT 6.0, and other RF wireless technologies for accessories.
Inspect user training materials and discuss practices to determine if information regarding the SOP is conveyed. Interview a random sampling of users to confirm their awareness of the SOP and related information. If the SOP or training is deficient, this is a finding.
V-16076
False
VVT/VTC 1905
Interview the ISSO to validate compliance with the following requirement:
Ensure a policy and procedure is in place and enforced that addresses the placement and operation of hardware based voice and video communications devices and PC based voice, video, UC, and collaboration communications applications with regard to their audio pickup and broadcast capabilities in relation to the sensitivity of the information communicated. Operational policy and procedures are included in user training and guides.
NOTE: This SOP should take into account the classification of the area where the Video Teleconferencing Unit (VTU) or PC supporting a PC based voice, video, UC, and collaboration communications applications is installed as well as the classification and need-to-know restraints of the information generally communicated via the facility or specific VTU. Along with those mentioned above, measures should be included such as closing office or conference room doors; muting of microphones before and after conference sessions, and during conference breaks; volume levels in open offices as well as muting the microphone when not speaking.
Inspect the applicable SOP.
Such an SOP should include policy on the use of headsets containing short range microphones and earphones in lieu of long range microphones and speakers in an open office environment. It should address the volume settings of speakers such that the session information is not heard by non-participants in a work area. It should also address the potential for the pickup of non-session related conversations in the work area. This requirement should also discuss Bluetooth, DECT/DECT 6.0, and other RF wireless technologies for accessories.
Inspect user training materials and discuss practices to determine if information regarding the SOP is conveyed. Interview a random sampling of users to confirm their awareness of the SOP and related information. If the SOP or training is deficient, this is a finding.
M
Information Assurance Manager
594