STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

inadequate user training for pc presentation sharing that could lead to compromise of other information on the presenting PC

DISA Rule

SV-18871r1_rule

Vulnerability Number

V-17697

Group Title

RTS-VTC 2460.00 [IP][ISDN]

Rule Version

RTS-VTC 2460.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

[IP][ISDN]; Perform the following tasks:
Train users and administrators in the proper use and operation of PC to CODEC connections and provide an understanding of the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure.

Check Contents

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

Ensure VTU users receive training in the proper use and operation of PC to CODEC connections and understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure.

Interview a sampling of VTU administrators and users to verify that training has been provided for proper use and operation of PC to CODEC connections and that they understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. This is a finding if deficiencies are found. List these deficiencies in the finding details.

Vulnerability Number

V-17697

Documentable

False

Rule Version

RTS-VTC 2460.00

Severity Override Guidance

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement:

Ensure VTU users receive training in the proper use and operation of PC to CODEC connections and understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure.

Interview a sampling of VTU administrators and users to verify that training has been provided for proper use and operation of PC to CODEC connections and that they understand the vulnerabilities associated with such interconnections regarding inadvertent or improper information disclosure. This is a finding if deficiencies are found. List these deficiencies in the finding details.

Check Content Reference

I

Potential Impact

The inadvertent disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Manager

Target Key

1418

Comments