STIGQter: STIG Summary: Video Services Policy STIG, Version: 1, Release: 11, Benchmark Date: 24 Apr 2020:

VTC system and endpoint users, administrators, and helpdesk representatives must receive cybersecurity training.

DISA Rule

SV-18884r2_rule

Vulnerability Number

V-17710

Group Title

RTS-VTC 3660

Rule Version

RTS-VTC 3660.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement site documentation to support that VTC system and endpoint users, administrators, and helpdesk representatives receive cybersecurity training as follows:
- Administrators, helpdesk representatives, and users are trained in all VTC system and endpoint vulnerabilities, cybersecurity issues, risks to both meeting and non-meeting related information, and assured service capabilities.
- Users, administrators, and helpdesk representatives are trained in all aspects of VTC system and endpoint vulnerability, risk mitigation, and operating procedures. This training may be tailored to the specific VTC system or devices for a site.
- Administrators and helpdesk representatives are trained in all aspects of VTC system and endpoint configuration and implementation to include approved connections.
- The details contained in the SOPs intended to mitigate the vulnerabilities and risks associated with the configuration and operation of the specific VTC system or devices to include:
> Protection of the information discussed or presented in the meeting such as the technical measures to prevent disclosure as well as the inadvertent disclosure of sensitive or classified information to individuals within view or earshot of the VTU.
> The inadvertent disclosure of non-meeting related information to other conference attendees while sharing a presentation or other information from a PC workstation.
> The inadvertent capture and dissemination of non-meeting related information from the area around the VTC endpoint to the other conference attendees.
- Other training topics mentioned elsewhere in this document are not listed here.
Maintain documentation on who received training and when.

Check Contents

Review site documentation to confirm the VTC system and endpoint users, administrators, and helpdesk representatives receive cybersecurity training as follows:
- Administrators, helpdesk representatives, and users are trained in all VTC system and endpoint vulnerabilities, cybersecurity issues, risks to both meeting and non-meeting related information, and assured service capabilities.
- Users, administrators, and helpdesk representatives are trained in all aspects of VTC system and endpoint vulnerability, risk mitigation, and operating procedures. This training may be tailored to the specific VTC system or devices for a site.
- Administrators and helpdesk representatives are trained in all aspects of VTC system and endpoint configuration and implementation to include approved connections.
- The details contained in the SOPs intended to mitigate the vulnerabilities and risks associated with the configuration and operation of the specific VTC system or devices to include:
> Protection of the information discussed or presented in the meeting such as the technical measures to prevent disclosure as well as the inadvertent disclosure of sensitive or classified information to individuals within view or earshot of the VTU.
> The inadvertent disclosure of non-meeting related information to other conference attendees while sharing a presentation or other information from a PC workstation.
> The inadvertent capture and dissemination of non-meeting related information from the area around the VTC endpoint to the other conference attendees.
- Other training topics mentioned elsewhere in this document are not listed here.

If VTC system and endpoint users, administrators, and helpdesk representatives do not receive the above cybersecurity training, this is a finding.

Note: Documentation is maintained regarding users’, administrators’, and helpdesk representatives’ receipt of training. Training is refreshed annually and may be incorporated into other IA training received annually. The site may modify these items in accordance with local site policy; however, these items must be addressed in the training materials.

Vulnerability Number

V-17710

Documentable

False

Rule Version

RTS-VTC 3660.00

Severity Override Guidance

Review site documentation to confirm the VTC system and endpoint users, administrators, and helpdesk representatives receive cybersecurity training as follows:
- Administrators, helpdesk representatives, and users are trained in all VTC system and endpoint vulnerabilities, cybersecurity issues, risks to both meeting and non-meeting related information, and assured service capabilities.
- Users, administrators, and helpdesk representatives are trained in all aspects of VTC system and endpoint vulnerability, risk mitigation, and operating procedures. This training may be tailored to the specific VTC system or devices for a site.
- Administrators and helpdesk representatives are trained in all aspects of VTC system and endpoint configuration and implementation to include approved connections.
- The details contained in the SOPs intended to mitigate the vulnerabilities and risks associated with the configuration and operation of the specific VTC system or devices to include:
> Protection of the information discussed or presented in the meeting such as the technical measures to prevent disclosure as well as the inadvertent disclosure of sensitive or classified information to individuals within view or earshot of the VTU.
> The inadvertent disclosure of non-meeting related information to other conference attendees while sharing a presentation or other information from a PC workstation.
> The inadvertent capture and dissemination of non-meeting related information from the area around the VTC endpoint to the other conference attendees.
- Other training topics mentioned elsewhere in this document are not listed here.

If VTC system and endpoint users, administrators, and helpdesk representatives do not receive the above cybersecurity training, this is a finding.

Note: Documentation is maintained regarding users’, administrators’, and helpdesk representatives’ receipt of training. Training is refreshed annually and may be incorporated into other IA training received annually. The site may modify these items in accordance with local site policy; however, these items must be addressed in the training materials.

Check Content Reference

M

Responsibility

Other

Target Key

1418

Comments