STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020

VTC ports and protocols cross DoD/Enclave boundaries without prior registration in the DoD Ports and Protocols Database.

DISA Rule

SV-18892r1_rule

Vulnerability Number

V-17718

Group Title

RTS-VTC 4520.00 [IP]

Rule Version

RTS-VTC 4520.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

[IP]; Perform the following tasks:
- Determine which Ports/Protocols/Services are used by the VTC system within the enclave, which of them cross the enclave boundary, and what other boundaries they traverse.
- Register all Ports/Protocols/Services used by the VTC system in the PPS database.

Check Contents

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure all protocols and services that cross the enclave boundary and/or any of the defined DoD boundaries (along with their associated IP ports) used by VTC systems for which he/she is responsible are registered in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.

Review network diagrams and device documentation to identify what VTC/VTU/MCU Ports/Protocols/Services are used by the VTC system. Once these Ports/Protocols/Services have been determined and confirmed for use, verify that these same Ports/Protocols/Services are registered and approved for use in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.

Note: Reference tables are provided in the STIG.

Vulnerability Number

V-17718

Documentable

False

Rule Version

RTS-VTC 4520.00

Severity Override Guidance

[IP]; Interview the IAO and validate compliance with the following requirement:

Ensure all protocols and services that cross the enclave boundary and/or any of the defined DoD boundaries (along with their associated IP ports) used by VTC systems for which he/she is responsible are registered in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.

Review network diagrams and device documentation to identify what VTC/VTU/MCU Ports/Protocols/Services are used by the VTC system. Once these Ports/Protocols/Services have been determined and confirmed for use, verify that these same Ports/Protocols/Services are registered and approved for use in the DoD Ports and Protocols Database in accordance with DoDI 8550.1.

Note: Reference tables are provided in the STIG.

Check Content Reference

I

Potential Impact

Unrestricted and undocumented traffic crossing enclave boundaries can lead to the inadvertent disclosure of sensitive or classified information to individuals who may not have an appropriate need-to-know or proper security clearance, as well as denial of service and the inability of the operators of the GIG to properly defend it and its interconnected enclaves.

Responsibility

System Administrator

Target Key

1418

Comments