STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: An unapproved Instant Messaging (IM) or Unified Capabilities (UC) soft client must not be used on Government Furnished Equipment (GFE).

DISA Rule

SV-17105r2_rule

Vulnerability Number

V-16117

Group Title

VVoIP 1990

Rule Version

VVoIP 1990

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement site policy and procedure to prevent the use of unapproved IM or UC soft client on GFE. Uninstall all unapproved IM or UC soft clients on site GFE.

Check Contents

Review site documentation to confirm a policy and procedure prevents an unapproved IM or UC soft client from being used on GFE. Prohibited clients and services include:
- Yahoo Messenger
- America Online (AOL) Instant Messenger (AIM)
- Microsoft Network (MSN) Messenger
- Skype
- Freshtel
- Google Hangouts (formerly Talk)
- Magic Jack (A hardware USB ATA and UC soft client)
- Soft clients associated with home telephone service from carriers such as Verizon. AT&T, and Quest, cable carriers such as Comcast and Cox, or competing VoIP carriers such as Vonage.

If a policy and procedure does not prevent use of an unapproved IM or UC soft client on GFE, this is a finding. If unapproved clients or services are in use by site personnel, this is a finding.

Vulnerability Number

V-16117

Documentable

False

Rule Version

VVoIP 1990

Severity Override Guidance

Review site documentation to confirm a policy and procedure prevents an unapproved IM or UC soft client from being used on GFE. Prohibited clients and services include:
- Yahoo Messenger
- America Online (AOL) Instant Messenger (AIM)
- Microsoft Network (MSN) Messenger
- Skype
- Freshtel
- Google Hangouts (formerly Talk)
- Magic Jack (A hardware USB ATA and UC soft client)
- Soft clients associated with home telephone service from carriers such as Verizon. AT&T, and Quest, cable carriers such as Comcast and Cox, or competing VoIP carriers such as Vonage.

If a policy and procedure does not prevent use of an unapproved IM or UC soft client on GFE, this is a finding. If unapproved clients or services are in use by site personnel, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments