STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

Far end camera control is not disabled.

DISA Rule

SV-18856r1_rule

Vulnerability Number

V-17682

Group Title

RTS-VTC 1180.00 [IP][ISDN]

Rule Version

RTS-VTC 1180.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

[IP][ISDN]; Perform the following tasks:
Configure the CODEC to disable far end camera control
OR
Document and validate the mission requirements that require far end camera control to be enabled and obtain DAA approval. Maintain the requirement and approval documentation for review by auditors.

Check Contents

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

Ensure far end camera control is disabled unless required to satisfy validated, approved, and documented mission requirements.

Note: The documented and validated mission requirements along with their approval(s) are maintained by the IAO for inspection by auditors. Such approval is obtained from the DAA or IAM responsible for the VTU(s) or system.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU. i.e., far end camera control must be able to be disabled or the feature must not be supported.

Determine if remote monitoring is required and approved to meet mission requirements. Have the IAO or SA demonstrate compliance with the requirement.

Vulnerability Number

V-17682

Documentable

False

Rule Version

RTS-VTC 1180.00

Severity Override Guidance

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

Ensure far end camera control is disabled unless required to satisfy validated, approved, and documented mission requirements.

Note: The documented and validated mission requirements along with their approval(s) are maintained by the IAO for inspection by auditors. Such approval is obtained from the DAA or IAM responsible for the VTU(s) or system.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU. i.e., far end camera control must be able to be disabled or the feature must not be supported.

Determine if remote monitoring is required and approved to meet mission requirements. Have the IAO or SA demonstrate compliance with the requirement.

Check Content Reference

I

Potential Impact

The inadvertent disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Officer

Target Key

1418

Comments