STIGQter STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019: PC presentation or application sharing capabilities are not properly limited.

DISA Rule

SV-21766r2_rule

Vulnerability Number

V-19625

Group Title

Deficient Config: PC Collab App: Sharing Security

Rule Version

VVoIP 1725

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure PC based collaboration application sharing and remote control features or capabilities do not provide unrestricted access to other (i.e., non-shared) applications, the local hard drive(s), or other drives accessible through the network. In other words, the collaboration application will not provide, or will be configured to not provide, full remote control of the host (i.e., shared) PC. Sharing capabilities will be limited to the collaboration application and other applications or documents (e.g., document based applications and documents launched by the host PC user) specifically shared by the host PC user.

Configure PC collaboration applications of all forms to not provide full remote control access to the host PC. Limit access to the applications relevant to the collaboration session or the video display. Train users in proper operation of the sharing capabilities. If necessary, limit or deny access to collaboration applications that do not or cannot be configured to not provide full PC remote control as described above.

Check Contents

Interview the IAO to validate compliance with the following requirement:

Ensure PC based collaboration application sharing and remote control features or capabilities do not provide unrestricted access to other (i.e., non-shared) applications, the local hard drive(s), or other drives accessible through the network. In other words, the collaboration application will not provide, or will be configured to not provide, full remote control of the host (i.e., shared) PC. Sharing capabilities will be limited to the collaboration application and other applications or documents (e.g., document based applications and documents launched by the host PC user) specifically shared by the host PC user.

Inspect or have a SA demonstrate the configuration and capabilities of the collaboration tool with respect to its sharing capabilities. This is a finding if the following is not met:
> PC based collaboration application sharing and remote control features or capabilities will not provide unrestricted access to other (i.e., non shared) applications, the local hard drive(s), or other drives accessible through the network. For example, the collaboration application will not provide, or will be configured to not provide, full remote control of the host (i.e., shared) PC.
> Sharing capabilities will be limited to the collaboration application, and other applications or documents specifically shared by the host PC user. (e.g., document based applications and documents launched by the host PC user)

Vulnerability Number

V-19625

Documentable

False

Rule Version

VVoIP 1725

Severity Override Guidance

Interview the IAO to validate compliance with the following requirement:

Ensure PC based collaboration application sharing and remote control features or capabilities do not provide unrestricted access to other (i.e., non-shared) applications, the local hard drive(s), or other drives accessible through the network. In other words, the collaboration application will not provide, or will be configured to not provide, full remote control of the host (i.e., shared) PC. Sharing capabilities will be limited to the collaboration application and other applications or documents (e.g., document based applications and documents launched by the host PC user) specifically shared by the host PC user.

Inspect or have a SA demonstrate the configuration and capabilities of the collaboration tool with respect to its sharing capabilities. This is a finding if the following is not met:
> PC based collaboration application sharing and remote control features or capabilities will not provide unrestricted access to other (i.e., non shared) applications, the local hard drive(s), or other drives accessible through the network. For example, the collaboration application will not provide, or will be configured to not provide, full remote control of the host (i.e., shared) PC.
> Sharing capabilities will be limited to the collaboration application, and other applications or documents specifically shared by the host PC user. (e.g., document based applications and documents launched by the host PC user)

Check Content Reference

M

Target Key

3407

Comments