STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019

PC communications application server association is not properly limited.

DISA Rule

SV-17104r1_rule

Vulnerability Number

V-16116

Group Title

Deficient Config: PC Comm App. Server Association

Rule Version

VVoIP 1805 (REMOTE)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure PC based voice, video, UC, or collaboration communications applications are configured such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups.

Configure PC based voice, video, UC, or collaboration communications applications such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups. Further ensure general application users cannot reconfigure these settings.

Check Contents

Interview the IAO to validate compliance with the following requirement:

Ensure PC based voice, video, UC, or collaboration communications applications are configured such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups.

Determine from the IAO what the application’s permitted controllers, gateways, and/or servers, including backups, should be. Review application configuration settings on a random sampling of PCs to determine if only the permitted controllers, gateways, and/or servers are configured. Further determine if users (not SAs) can reconfigure these settings. This is a finding if PC based voice, video, UC, or collaboration communications applications are NOT configured such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups, or if general users (not SAs) can reconfigure the related settings.

Documentable

False

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:

Ensure PC based voice, video, UC, or collaboration communications applications are configured such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups.

Determine from the IAO what the application’s permitted controllers, gateways, and/or servers, including backups, should be. Review application configuration settings on a random sampling of PCs to determine if only the permitted controllers, gateways, and/or servers are configured. Further determine if users (not SAs) can reconfigure these settings. This is a finding if PC based voice, video, UC, or collaboration communications applications are NOT configured such that they only contact and associate with their designated and approved DoD controllers, gateways, and/or servers and their approved backups, or if general users (not SAs) can reconfigure the related settings.

Check Content Reference

I

Potential Impact

Compromise of the supported communications or supporting PC.

Responsibility

Information Assurance Officer

Target Key

594
