STIGQter: STIG Summary: Voice Video Session Management Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Voice Video Session Manager must produce session (call) records containing the identity of the initiator of the call.

DISA Rule

SV-206819r508661_rule

Vulnerability Number

V-206819

Group Title

SRG-NET-000077

Rule Version

SRG-NET-000077-VVSM-00034

Severity

CAT II

CCI(s)

• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.

Weight

10

Fix Recommendation

Configure the Voice Video Session Manager to produce session records containing the identity of the initiator of the call.

Check Contents

Verify the Voice Video Session Manager produces session records containing the identity of the initiator of the call. The identity of the initiator of the call in this context would be the device ID or the address of the MAC or IP. For Voice Video Session Managers that have the concept of a user rather than device, this requirement is not applicable.

If the Voice Video Session Manager does not produce session records containing the identity of the initiator of the call, this is a finding.

Vulnerability Number

V-206819

Documentable

False

Rule Version

SRG-NET-000077-VVSM-00034

Severity Override Guidance

Verify the Voice Video Session Manager produces session records containing the identity of the initiator of the call. The identity of the initiator of the call in this context would be the device ID or the address of the MAC or IP. For Voice Video Session Managers that have the concept of a user rather than device, this requirement is not applicable.

If the Voice Video Session Manager does not produce session records containing the identity of the initiator of the call, this is a finding.

Check Content Reference

M

Target Key

2916

Comments