STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next.

DISA Rule

SV-55744r1_rule

Vulnerability Number

V-43015

Group Title

RTS-VTC 7000 [IP]

Rule Version

RTS-VTC 7000

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Obtain equipment that has an automatic capability to sanitize memory or implement and document a manual procedure. Implement the automatic capability or manual procedure to sanitize all information while transitioning from one period/network to the next.

Check Contents

Verify that an automatic capability exists and review documentation to determine whether this capability is being implemented before transitioning from one period/network to the next. If no automatic capability exists, review organizational documentation to determine whether a manual procedure is specified and implemented before transitioning from one period/network to the next. Coordinate with the vendor/solutions provider and certifier to ensure all residual information is sanitized based on equipment make and model.

If an automatic capability exists and is being implemented, this is not a finding.
If an automatic capability exists but is not being implemented, this is a finding unless a manual procedure is specified and is being implemented.
If a manual procedure is specified and is being implemented, this is not a finding.
If no procedure is specified or none being implemented, this is a finding.

Vulnerability Number

V-43015

Documentable

False

Rule Version

RTS-VTC 7000

Severity Override Guidance

Verify that an automatic capability exists and review documentation to determine whether this capability is being implemented before transitioning from one period/network to the next. If no automatic capability exists, review organizational documentation to determine whether a manual procedure is specified and implemented before transitioning from one period/network to the next. Coordinate with the vendor/solutions provider and certifier to ensure all residual information is sanitized based on equipment make and model.

If an automatic capability exists and is being implemented, this is not a finding.
If an automatic capability exists but is not being implemented, this is a finding unless a manual procedure is specified and is being implemented.
If a manual procedure is specified and is being implemented, this is not a finding.
If no procedure is specified or none being implemented, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418

Comments