STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

VVoIP endpoint configuration files must not be downloaded automatically during initial endpoint registration.

DISA Rule

SV-75799r2_rule

Vulnerability Number

V-61319

Group Title

VVoIP 1937

Rule Version

VVoIP 1937

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a VVoIP system design preventing auto-download of VVoIP endpoint configuration files on initial deployment. Document the design, demonstrating that unregulated automatic download of VVoIP endpoint configuration files during initial registration is prevented.

Check Contents

Review site documentation to confirm the VVoIP endpoint configuration files are not downloaded automatically during initial endpoint registration.

If VVoIP endpoint configuration files are downloaded automatically during initial endpoint registration, this is a finding.

Vulnerability Number

V-61319

Documentable

False

Rule Version

VVoIP 1937

Severity Override Guidance

Review site documentation to confirm the VVoIP endpoint configuration files are not downloaded automatically during initial endpoint registration.

If VVoIP endpoint configuration files are downloaded automatically during initial endpoint registration, this is a finding.

Check Content Reference

M

Target Key

594

Comments