STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

Unnecessary/unused remote control/management/configuration protocols are not disabled.

DISA Rule

SV-18876r1_rule

Vulnerability Number

V-17702

Group Title

RTS-VTC 3130.00 [IP]

Rule Version

RTS-VTC 3130.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

[IP]; Perform the following tasks:
Configure the VTC system/device such that unused or unneeded ports, protocols, and services are disabled or removed from the system.

Check Contents

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure remote access ports, protocols, and services used for VTC system/device “Remote Control/Management/Configuration” are disabled, turned off, or removed if not required in the specific implementation of the device.

Determine what ports, protocols, and services are required for in the specific implementation of the device. Have the SA demonstrate the device configuration regarding these protocols or independently validate that only the required ports, protocols, and services are active. Validation can be performed by performing a scan of the network and management interface of the system/device. This is a finding if it is determined that there are ports, protocols, and services active that are not needed for the specific implementation of the device.

Vulnerability Number

V-17702

Documentable

False

Rule Version

RTS-VTC 3130.00

Severity Override Guidance

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure remote access ports, protocols, and services used for VTC system/device “Remote Control/Management/Configuration” are disabled, turned off, or removed if not required in the specific implementation of the device.

Determine what ports, protocols, and services are required for in the specific implementation of the device. Have the SA demonstrate the device configuration regarding these protocols or independently validate that only the required ports, protocols, and services are active. Validation can be performed by performing a scan of the network and management interface of the system/device. This is a finding if it is determined that there are ports, protocols, and services active that are not needed for the specific implementation of the device.

Check Content Reference

I

Potential Impact

The availability of unused or unneeded ports, protocols, and services used to configure and manage or otherwise access a VTC system/device could lead to the disclosure of sensitive or classified information to individuals that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Officer

Target Key

1418

Comments