STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:SV-18864r4_rule
V-17690
RTS-VTC 2026
RTS-VTC 2026.00
CAT II
10
Implement VTUs that support different password for different functions as follows:
- Passwords are required for access to all functions and services of the VTU. This includes, but may not be limited to, the following:
- Local user device use/activation and access to user configurable settings.
- Local user or machine access to the user’s networked or otherwise attached PC running a presentation or desktop sharing application (if used or permitted; discussed later under PC Data and Presentation Sharing).
- Local administrator access to configuration settings.
- Remote administrator access to configuration settings and for remote software or firmware upgrade via IP or ISDN.
- Remote caller access to a VTU integrated MCU conference if local user intervention is not required.
- Remote user access to media streamed from a VTU CODEC.
- Passwords used by VTU users, administrators, and devices are logically grouped by entity and roles (human or machine), type of access provided (information vs. control), and device accessed.
- Passwords are unique across these logical groups (i.e., a single password will not be used for multiple functions or to access multiple devices from a given VTU with the exception of a user’s local access to the VTU or its user accessible settings).
- Passwords that provide user or administrator level access to another device or information will not be stored on the VTU for automated entry in lieu of the person entering the required password.
Note: Updating firmware or software to provide desired functionality is preferred. A vendor may provide security updates and patches that offer additional functions.
Review site documentation to confirm passwords are required for access to all functions and services of the VTU, to include:
- Local user device use/activation and access to user configurable settings.
- Local user or machine access to the user’s networked or otherwise attached PC running a presentation or desktop sharing application when permitted.
- Local administrator access to configuration settings.
- Remote administrator access to configuration settings and for remote software or firmware upgrade.
- Remote caller access to a VTU integrated MCU conference if local user intervention is not required.
- Remote user access to media streamed from a VTU CODEC.
- Passwords used by VTU users, administrators, and devices are logically grouped by entity and roles (human or machine), type of access provided (information vs. control), and device accessed.
- Passwords are unique across these logical groups. (i.e., a single password will not be used for multiple functions or to access multiple devices from a given VTU with the exception of a user’s local access to the VTU or its user accessible settings).
- Passwords that provide user or administrator level access to another device or information will not be stored on the VTU for automated entry in lieu of the person entering the required password.
If a VTU password is not used for each VTU function, this is a finding. If different VTU passwords are not used for groups of VTU functions, this is a finding.
V-17690
False
RTS-VTC 2026.00
Review site documentation to confirm passwords are required for access to all functions and services of the VTU, to include:
- Local user device use/activation and access to user configurable settings.
- Local user or machine access to the user’s networked or otherwise attached PC running a presentation or desktop sharing application when permitted.
- Local administrator access to configuration settings.
- Remote administrator access to configuration settings and for remote software or firmware upgrade.
- Remote caller access to a VTU integrated MCU conference if local user intervention is not required.
- Remote user access to media streamed from a VTU CODEC.
- Passwords used by VTU users, administrators, and devices are logically grouped by entity and roles (human or machine), type of access provided (information vs. control), and device accessed.
- Passwords are unique across these logical groups. (i.e., a single password will not be used for multiple functions or to access multiple devices from a given VTU with the exception of a user’s local access to the VTU or its user accessible settings).
- Passwords that provide user or administrator level access to another device or information will not be stored on the VTU for automated entry in lieu of the person entering the required password.
If a VTU password is not used for each VTU function, this is a finding. If different VTU passwords are not used for groups of VTU functions, this is a finding.
M
Other
1418