STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:SV-18723r1_rule
V-17596
RTS-VTC 1060.00 [IP][ISDN]
RTS-VTC 1060.00
CAT II
10
[IP][ISDN]; Perform the following tasks:
In the event the auto-answer feature is approved for use, perform the following tasks:
- Maintain full documentation on the validation of the mission requirement and the DAA approval to use the auto-answer feature
- Develop and enforce a SOP regarding the proper use of the auto-answer feature.
- Configure the auto-answer feature to answer with the microphone muted.
- Ensure the camera is covered by the user or otherwise disabled automatically while waiting for a call.
- Ensure the VTU provides a visual indication that a call has been answered.
- Train users to ensure the ringer or audible notification volume is set and maintained at an easily audible level or the VTU automatically satisfies this requirement.
- Train the user(s) to which the feature is available in its proper use as reflected in the SOP and in the vulnerabilities it presents.
[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:
In the event the auto-answer feature is available and/or used, ensure a policy and procedure is in place and enforced such that, all of the following occurs:
- The auto-answer feature is configured to answer with the microphone muted.
- The camera is covered or otherwise disabled while waiting for a call.
- The VTU provides a visual indication that a call has been answered.
- The user will ensure the ringer or audible notification volume is set to an easily audible level or the VTU will automatically satisfy this requirement.
- The user(s) to which the feature is available is trained in its proper use as reflected in the SOP and in the vulnerabilities it presents.
Note: During APL testing, this is a finding in the event “auto-answer with microphone muted” is not configurable on the VTU. It is also desirable that this setting will ensure the audible notification is at a level to be easily heard.
Determine if this requirement is covered in a SOP and user training/agreements. Interview a sampling of users to determine their awareness and implementation of the requirement. Verify that, if supported, the VTU auto-answer feature is configured to answer with microphone muted.
V-17596
False
RTS-VTC 1060.00
[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:
In the event the auto-answer feature is available and/or used, ensure a policy and procedure is in place and enforced such that, all of the following occurs:
- The auto-answer feature is configured to answer with the microphone muted.
- The camera is covered or otherwise disabled while waiting for a call.
- The VTU provides a visual indication that a call has been answered.
- The user will ensure the ringer or audible notification volume is set to an easily audible level or the VTU will automatically satisfy this requirement.
- The user(s) to which the feature is available is trained in its proper use as reflected in the SOP and in the vulnerabilities it presents.
Note: During APL testing, this is a finding in the event “auto-answer with microphone muted” is not configurable on the VTU. It is also desirable that this setting will ensure the audible notification is at a level to be easily heard.
Determine if this requirement is covered in a SOP and user training/agreements. Interview a sampling of users to determine their awareness and implementation of the requirement. Verify that, if supported, the VTU auto-answer feature is configured to answer with microphone muted.
I
The inadvertent disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.
Other
1418