STIGQter STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide Version: 3 Release: 17 Benchmark Date: 25 Oct 2019: Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over non-secure systems.

DISA Rule

SV-93757r2_rule

Vulnerability Number

V-79051

Group Title

Speaker operations policy

Rule Version

VVT/VTC 1906

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document and enforce a policy and procedure for video conferencing, UC soft client, and speakerphone speaker operations to prevent disclosure of sensitive or classified information over non-secure systems. Ensure appropriate training is provided for users.

The policy and supporting procedures should take into account the classification of the area where the video conferencing equipment, the PC supporting a UC soft client, and Voice Video endpoints are placed, as well as the classification and need-to-know restraints of the information communicated within the area. Include measures such as closing office or conference room doors, adjusting volume levels in open offices, and muting microphones when not directly in use.

Check Contents

Confirm a policy and supporting procedures are in place that address the placement and operation of video conferencing, UC soft client, and speakerphone speakers to prevent disclosure of sensitive or classified information over non-secure systems. Operational policy and procedures are included in user training and guides.

The policy and supporting procedures should take into account the classification of the area where the video conferencing equipment, the PC supporting a UC soft client, and Voice Video endpoints are placed, as well as the classification and need-to-know restraints of the information communicated within the area. Include measures such as closing office or conference room doors, adjusting volume levels in open offices, and muting microphones when not directly in use.

If a policy and supporting procedures governing video conferencing, UC soft client, and speakerphone speaker operations preventing disclosure of sensitive or classified information over non-secure systems do not exist or are not enforced, this is a finding.

Vulnerability Number

V-79051

Documentable

False

Rule Version

VVT/VTC 1906

Severity Override Guidance

Confirm a policy and supporting procedures are in place that address the placement and operation of video conferencing, UC soft client, and speakerphone speakers to prevent disclosure of sensitive or classified information over non-secure systems. Operational policy and procedures are included in user training and guides.

The policy and supporting procedures should take into account the classification of the area where the video conferencing equipment, the PC supporting a UC soft client, and Voice Video endpoints are placed, as well as the classification and need-to-know restraints of the information communicated within the area. Include measures such as closing office or conference room doors, adjusting volume levels in open offices, and muting microphones when not directly in use.

If a policy and supporting procedures governing video conferencing, UC soft client, and speakerphone speaker operations preventing disclosure of sensitive or classified information over non-secure systems do not exist or are not enforced, this is a finding.

Check Content Reference

M

Target Key

594

Comments