STIGQter STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

The VTC endpoints and system components must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

DISA Rule

SV-18715r2_rule

Vulnerability Number

V-17589

Group Title

RTS-VTC 1000

Rule Version

RTS-VTC 1000.00

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Procure and implement VTC endpoints and system components configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. Encourage vendors to develop VTC systems and devices that provide robust IA features that support compliance with DoD policies for all devices.

Check Contents

Review the VTC system architecture and ensure the VTC endpoints and system components are configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. Ensure all VTC endpoints and system components comply with the following NIST 800-53 (Rev. 4) IA controls:
- Account Management (AC-2)
- Individual ID & Password (IA-5)
- Lockout on logon failure (AC-7)
- Warning Banner (AC-8)
- Roles (privileged access) (AC-1)
- Least Privilege (AC-6, SA-17)
- Security audit (AU-2)
- Audit Content (AU-3)
- Audit Trail Protection (AU-12)

If the VTC endpoints and system components are not configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, this is a finding.

Vulnerability Number

V-17589

Documentable

False

Rule Version

RTS-VTC 1000.00

Severity Override Guidance

Review the VTC system architecture and ensure the VTC endpoints and system components are configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. Ensure all VTC endpoints and system components comply with the following NIST 800-53 (Rev. 4) IA controls:
- Account Management (AC-2)
- Individual ID & Password (IA-5)
- Lockout on logon failure (AC-7)
- Warning Banner (AC-8)
- Roles (privileged access) (AC-1)
- Least Privilege (AC-6, SA-17)
- Security audit (AU-2)
- Audit Content (AU-3)
- Audit Trail Protection (AU-12)

If the VTC endpoints and system components are not configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, this is a finding.

Check Content Reference

M

Responsibility

Designated Approving Authority

Target Key

1418

Comments