STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

An unapproved Instant Messaging (IM) or Unified Capabilities (UC) soft client must not be used on Government Furnished Equipment (GFE).

DISA Rule

SV-17105r2_rule

Vulnerability Number

V-16117

Group Title

VVoIP 1990

Rule Version

VVoIP 1990

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Implement site policy and procedure to prevent the use of unapproved IM or UC soft client on GFE. Uninstall all unapproved IM or UC soft clients on site GFE.

Check Contents

Review site documentation to confirm a policy and procedure prevents an unapproved IM or UC soft client from being used on GFE. Prohibited clients and services include:
- Yahoo Messenger
- America Online (AOL) Instant Messenger (AIM)
- Microsoft Network (MSN) Messenger
- Skype
- Freshtel
- Google Hangouts (formerly Talk)
- Magic Jack (A hardware USB ATA and UC soft client)
- Soft clients associated with home telephone service from carriers such as Verizon. AT&T, and Quest, cable carriers such as Comcast and Cox, or competing VoIP carriers such as Vonage.

If a policy and procedure does not prevent use of an unapproved IM or UC soft client on GFE, this is a finding. If unapproved clients or services are in use by site personnel, this is a finding.

An unapproved Instant Messaging (IM) or Unified Capabilities (UC) soft client must not be used on Government Furnished Equipment (GFE).

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments