STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

Unified Capability (UC) soft client accessories must be tested and approved.

DISA Rule

SV-17073r2_rule

Vulnerability Number

V-16085

Group Title

UC soft client accessory approval

Rule Version

VVoIP 1745 (GENERAL)

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure the capabilities of UC soft client accessories (i.e., PPGs, ATAs, and/or USB phones) are reviewed and their functionality tested or validated prior to approval, providing them to users, or implementing them.

Review and test the use of USB phones, USB ATAs, PPGs, and wireless headsets for network bridging capabilities. Do not use such devices if the capability exists except to fulfill a validated mission requirement.

Check Contents

Interview the ISSO to validate compliance with the following requirement:

Ensure the capabilities of UC soft client accessories, including PPGs, ATAs, USB phones, and wireless headsets, are reviewed and their functionality tested or validated prior to approval, providing them to users, or implementing them.

Determine if the use of USB phones, USB ATAs, PPGs, or wireless headsets is permitted and if they are provided to users. If so, determine if the devices have been reviewed and tested as necessary with regard to their network bridging capabilities. If these devices are provided to users and they have not been properly reviewed or tested, this is a finding.

Note: this requirement applies to Bluetooth, DECT/DECT 6.0, and other RF wireless technologies for accessories. Prior to procurement and implementation of any wireless accessory, a risk analysis must be performed to ensure the technology uses acceptable encryption and does not interfere with existing technology use. This guidance is not intended to replace the existing guidance available for wireless headsets used in association with mobile devices.

Documentable

False

Severity Override Guidance

Interview the ISSO to validate compliance with the following requirement:

Ensure the capabilities of UC soft client accessories, including PPGs, ATAs, USB phones, and wireless headsets, are reviewed and their functionality tested or validated prior to approval, providing them to users, or implementing them.

Determine if the use of USB phones, USB ATAs, PPGs, or wireless headsets is permitted and if they are provided to users. If so, determine if the devices have been reviewed and tested as necessary with regard to their network bridging capabilities. If these devices are provided to users and they have not been properly reviewed or tested, this is a finding.

Note: this requirement applies to Bluetooth, DECT/DECT 6.0, and other RF wireless technologies for accessories. Prior to procurement and implementation of any wireless accessory, a risk analysis must be performed to ensure the technology uses acceptable encryption and does not interfere with existing technology use. This guidance is not intended to replace the existing guidance available for wireless headsets used in association with mobile devices.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

594
