STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

VTC systems and devices must run the latest DoD-approved patches/firmware/software from the system/device vendor.

DISA Rule

SV-18879r2_rule

Vulnerability Number

V-17705

Group Title

RTS-VTC 3320

Rule Version

RTS-VTC 3320.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Perform the following tasks:
Ensure updates to software firmware are patched, tested, and approved by a DoD entity prior to installation of such updates and patches per DoD policy.

Install the latest DoD-approved patches, firmware, and software from the system/device vendor.

Check Contents

Interview the ISSO and validate compliance with the following requirement:

Ensure all VTC systems and devices are running the latest DoD-approved patches, firmware, and software from the VTC system and device vendors to ensure the most current IA vulnerability mitigations or fixes are employed. Validate the latest software, firmware, and patches are installed on VTC systems and devices. Inspect the documentation regarding DoD testing and approval of the installed versions. If a CODEC or other VTC device is not using the latest software, firmware, and patches from the VTC system or device vendor, this is a finding.

Note: Updating firmware or software to provide desired functionality is preferred. A vendor may provide security updates and patches that offer additional functions. In many cases, the IA Vulnerability Management (IAVM) system mandates updating software to reduce risk to DoD networks.

Vulnerability Number

V-17705

Documentable

False

Rule Version

RTS-VTC 3320.00

Severity Override Guidance

Interview the ISSO and validate compliance with the following requirement:

Ensure all VTC systems and devices are running the latest DoD-approved patches, firmware, and software from the VTC system and device vendors to ensure the most current IA vulnerability mitigations or fixes are employed. Validate the latest software, firmware, and patches are installed on VTC systems and devices. Inspect the documentation regarding DoD testing and approval of the installed versions. If a CODEC or other VTC device is not using the latest software, firmware, and patches from the VTC system or device vendor, this is a finding.

Note: Updating firmware or software to provide desired functionality is preferred. A vendor may provide security updates and patches that offer additional functions. In many cases, the IA Vulnerability Management (IAVM) system mandates updating software to reduce risk to DoD networks.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418

Comments