STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

No indicator is displayed on the VTU screen when CODEC streaming is activated.

DISA Rule

SV-17561r1_rule

Vulnerability Number

V-16562

Group Title

RTS-VTC 2350.00 [IP]

Rule Version

RTS-VTC 2350.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

[IP]; Perform the following tasks:
- Purchase VTC equipment that either does not support streaming from the CODEC or provides an indicator that the CODEC is actively streaming.
AND/OR
- Configure the CODEC to provide the required on-screen indicator in the event such display does not occur by default.
AND
Include awareness of the indicator and its meaning in user training and user guides.

Check Contents

[IP]; Validate compliance with the following requirement:

Ensure an on-screen indicator is displayed when the VTU/CODEC is actively streaming. Include awareness of the indicator and its meaning in user training and user guides.

Note: This is a requirement whether streaming from a CODEC is approved or not.

Note: During APL testing, this is a finding in the event this requirement is not supported by the CODEC.

This is a finding if an on-screen indicator is not displayed when the VTU/CODEC is actively streaming. Validate compliance via inspection of the device manuals or activate streaming and look for the on-screen indicator. Activating the streaming feature may require applying a streaming configuration. If so, be sure to remove/disable the configuration following the indicator test.

Vulnerability Number

V-16562

Documentable

False

Rule Version

RTS-VTC 2350.00

Severity Override Guidance

[IP]; Validate compliance with the following requirement:

Ensure an on-screen indicator is displayed when the VTU/CODEC is actively streaming. Include awareness of the indicator and its meaning in user training and user guides.

Note: This is a requirement whether streaming from a CODEC is approved or not.

Note: During APL testing, this is a finding in the event this requirement is not supported by the CODEC.

This is a finding if an on-screen indicator is not displayed when the VTU/CODEC is actively streaming. Validate compliance via inspection of the device manuals or activate streaming and look for the on-screen indicator. Activating the streaming feature may require applying a streaming configuration. If so, be sure to remove/disable the configuration following the indicator test.

Check Content Reference

I

Potential Impact

The inadvertent or improper disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.

Responsibility

System Administrator

Target Key

1418

Comments