STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019:

Access to personal voice mail settings by the subscriber via an IP connection is not secured via encryption and/or web” server on the voicemail system is not configured in accordance with the “private web server” requirements in the Web Server STIG/Checklist.

DISA Rule

SV-8741r1_rule

Vulnerability Number

V-8255

Group Title

Deficient security: Personal VM settings via web

Rule Version

VVoIP 1520 (GENERAL)

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the voicemail system web access to personal settings in accordance with the applicable private web server requirements in the Web STIG/Checklist and ensure web interface is configured to use HTTPS/TLS.

Check Contents

Have the IAO or SA demonstrate the various methods of accessing a subscriber’s personal settings. Specifically ask if there is “web” access using a browser on the phone or a PC. If so, have the IAO or SA demonstrate the configuration settings that provide encryption for the access.

Vulnerability Number

V-8255

Documentable

False

Rule Version

VVoIP 1520 (GENERAL)

Severity Override Guidance

Have the IAO or SA demonstrate the various methods of accessing a subscriber’s personal settings. Specifically ask if there is “web” access using a browser on the phone or a PC. If so, have the IAO or SA demonstrate the configuration settings that provide encryption for the access.

Check Content Reference

M

Potential Impact

Denial of Service and/or unauthorized access to network or voice system resources or services and the information they contain. Application of features and potential call redirection by unauthorized users.

Responsibility

Information Assurance Officer

Target Key

594

Comments