STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:SV-17078r3_rule
V-16090
Enforce UC soft client acceptable use
VVoIP 1335
CAT II
10
Develop and enforce a user agreement in accordance with DoD policies addressing the acceptable use of UC soft client applications and associated accessories minimally providing the following information:
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that connects to or uses a public VoIP or IM service for non-official business.
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that communicates peer-to-peer with other applications, agents, or personal phone gateways.
- Users must not use a USB or Ethernet subscriber line interface card (SLIC) associated with a commercial VoIP service (such as magicJack) or a personal VoIP system in the DoD unless the SLIC is sanctioned and provided by a DoD component or organization.
- Users must not use UC soft client accessories capable of bridging a DoD network or DoD application with another computer, phone network, or the PSTN.
- Users must not use DoD-provided UC soft client while working in their normal DoD workspace without permission of the ISSO.
- Users must receive a caution notice discussing the non-assured nature of UC soft client applications for C2 user awareness that for assured service a UC soft client should not be the primary method of communications.
- Users must receive instruction for the proper and safe use of webcams or built-in cameras when used in a classified environment to prevent viewing classified work or classified material over non-secure networks.
- Users must receive instruction for the proper and safe use of speakerphones or built-in microphones when used in a classified environment to prevent hearing classified discussions over non-secure networks.
- Users must receive instruction regarding the proper and safe use of presentation, document, and desktop sharing.
Sites may modify the above items in accordance with local site policy. However, each item must be addressed in the user agreement. A user agreement may be a standalone document or a larger document addressing remote access or workstation use that enforces the acceptable use of UC soft client applications and accessories.
Interview the ISSO to validate compliance with the following requirement:
Verify a user agreement is developed and enforced with users in accordance with DoD policies addressing the acceptable use of UC soft client applications and associated accessories minimally providing the following information:
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that connects to or uses a public VoIP or IM service for non-official business.
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that communicates peer-to-peer with other applications, agents, or personal phone gateways.
- Users must not use a USB or Ethernet subscriber line interface card (SLIC) associated with a commercial VoIP service (such as magicJack) or a personal VoIP system in the DoD unless the SLIC is sanctioned and provided by a DoD component or organization.
- Users must not use UC soft client accessories capable of bridging a DoD network or DoD application with another computer, phone network, or the PSTN.
- Users must not use DoD-provided UC soft client while working in their normal DoD workspace without permission of the ISSO.
- Users must receive a caution notice discussing the non-assured nature of UC soft client applications for C2 user awareness that for assured service a UC soft client should not be the primary method of communications.
- Users must receive instruction for the proper and safe use of webcams or built-in cameras when used in a classified environment to prevent viewing classified work or classified material over non-secure networks.
- Users must receive instruction for the proper and safe use of speakerphones or built-in microphones when used in a classified environment to prevent hearing classified discussions over non-secure networks.
- Users must receive instruction regarding the proper and safe use of presentation, document, and desktop sharing.
Sites may modify the above items in accordance with local site policy. However, each item must be addressed in the user agreement. A user agreement may be a standalone document or a larger document addressing remote access or workstation use that enforces the acceptable use of UC soft client applications and accessories.
Discuss the existence and enforcement of the UC soft client acceptable use policy. Inspect signed user agreements for compliance. If no acceptable use policy or related user agreement exists, this is a finding. If the acceptable use policy or related user agreement is deficient in content, this is a finding.
V-16090
False
VVoIP 1335
Interview the ISSO to validate compliance with the following requirement:
Verify a user agreement is developed and enforced with users in accordance with DoD policies addressing the acceptable use of UC soft client applications and associated accessories minimally providing the following information:
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that connects to or uses a public VoIP or IM service for non-official business.
- Users must not install any application or agent, to include UC soft clients, VTC software, or IM client that communicates peer-to-peer with other applications, agents, or personal phone gateways.
- Users must not use a USB or Ethernet subscriber line interface card (SLIC) associated with a commercial VoIP service (such as magicJack) or a personal VoIP system in the DoD unless the SLIC is sanctioned and provided by a DoD component or organization.
- Users must not use UC soft client accessories capable of bridging a DoD network or DoD application with another computer, phone network, or the PSTN.
- Users must not use DoD-provided UC soft client while working in their normal DoD workspace without permission of the ISSO.
- Users must receive a caution notice discussing the non-assured nature of UC soft client applications for C2 user awareness that for assured service a UC soft client should not be the primary method of communications.
- Users must receive instruction for the proper and safe use of webcams or built-in cameras when used in a classified environment to prevent viewing classified work or classified material over non-secure networks.
- Users must receive instruction for the proper and safe use of speakerphones or built-in microphones when used in a classified environment to prevent hearing classified discussions over non-secure networks.
- Users must receive instruction regarding the proper and safe use of presentation, document, and desktop sharing.
Sites may modify the above items in accordance with local site policy. However, each item must be addressed in the user agreement. A user agreement may be a standalone document or a larger document addressing remote access or workstation use that enforces the acceptable use of UC soft client applications and accessories.
Discuss the existence and enforcement of the UC soft client acceptable use policy. Inspect signed user agreements for compliance. If no acceptable use policy or related user agreement exists, this is a finding. If the acceptable use policy or related user agreement is deficient in content, this is a finding.
M
Information Assurance Manager
594