Checked | Name | Title |
---|---|---|
☐ | SV-17061r2_rule | Deficient Policy or SOP for VTC and PC camera operations regarding their ability to pick up and transmit sensitive or classified information in visual form. |
☐ | SV-17063r2_rule | VTC, Unified Capability (UC) soft client, and speakerphone microphone operations policy must prevent the pickup and transmission of sensitive or classified information over non-secure systems. |
☐ | SV-17064r1_rule | Deficient Policy or SOP regarding PC communications video display positioning. |
☐ | SV-17065r1_rule | Deficient SOP or enforcement regarding presentation and application sharing via a PC or VTC. |
☐ | SV-17556r1_rule | Administrative sessions with the VTU do not timeout within a maximum of 15 minutes. |
☐ | SV-17559r1_rule | Use of media streaming is not documented properly or is not configured securely. |
☐ | SV-17561r1_rule | No indicator is displayed on the VTU screen when CODEC streaming is activated. |
☐ | SV-17563r2_rule | Deficient SOP or enforcement for VTC/CODEC streaming. |
☐ | SV-18715r2_rule | The VTC endpoints and system components must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
☐ | SV-18718r1_rule | Deficient SOP or enforcement regarding how to power-off the VTU when it is not actively participating in a conference. |
☐ | SV-18719r1_rule | Deficient SOP or enforcement for microphone and camera disablement when the VTU is required to be powered and inactive (in standby). |
☐ | SV-18720r1_rule | Deficient VTU sleep mode configuration or operation. |
☐ | SV-18721r1_rule | Inadequate display of an incoming call notification such that the VTU user can make an informed decision to answer the call or not. |
☐ | SV-18722r1_rule | Auto-answer feature is not administratively disabled. |
☐ | SV-18723r1_rule | Deficient SOP for, enforcement, usage, or configuration of the auto-answer feature. |
☐ | SV-18725r1_rule | Deficient SOP or enforcement regarding handling of incoming calls while in a conference. |
☐ | SV-18726r1_rule | Remote monitoring is not disabled while connected to an IP Network. |
☐ | SV-18727r1_rule | Inadequate “operator/facilitator/administrator” access control for remote monitoring of a VTU connected to an IP network. |
☐ | SV-18854r1_rule | Inadequate notification to conference participants (manual or automatic) of monitoring activity by someone that is not a direct participant in a VTC session/conference. |
☐ | SV-18855r1_rule | Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference. |
☐ | SV-18856r1_rule | Far end camera control is not disabled. |
☐ | SV-18857r2_rule | VTC data in transit must be encrypted. |
☐ | SV-18858r2_rule | The VTU must use a FIPS 140-2 validated encryption module. |
☐ | SV-18859r1_rule | VTU encryption indicator is not enabled. |
☐ | SV-18860r1_rule | Deficient SOP or enforcement for user validation that encryption is on when required. |
☐ | SV-18861r2_rule | The VTC system and components must not have default or factory passwords. |
☐ | SV-18862r3_rule | The VTC system and components must not display passwords in clear text. |
☐ | SV-18863r4_rule | The Videoconferencing system and components passwords must meet complexity and strength policy. |
☐ | SV-18864r4_rule | A VTU password must be used for each VTU function. |
☐ | SV-18865r2_rule | Classified videoconferencing systems must authenticate with a unique user logon prior to performing functions and services. |
☐ | SV-18866r1_rule | Deficient SOP or enforcement of the SOP for manual password management. |
☐ | SV-18867r1_rule | Deficient SOP or enforcement of One Time Use local meeting password. |
☐ | SV-18868r1_rule | Deficient user or administrator training regarding the vulnerabilities with, and operation of, CODEC streaming. |
☐ | SV-18869r1_rule | CODEC streaming is not disabled when it is not required. |
☐ | SV-18870r1_rule | VTU/CODEC is not properly configured to support streaming. |
☐ | SV-18871r1_rule | Inadequate user training for PC presentation sharing that could lead to compromise of other information on the presenting PC. |
☐ | SV-18872r2_rule | Deficient SOP or enforcement regarding the use of software based virtual connection between the PC and the VTC CODEC. |
☐ | SV-18873r3_rule | A CODEC's local Application Programming Interface (API) must prevent unrestricted access to user or administrator configuration settings and CODEC controls without a password. |
☐ | SV-18874r2_rule | CODEC control / configuration messages received via the local Application Programming Interface (API) are not encrypted or authenticated. |
☐ | SV-18875r2_rule | Secure protocols must be implemented for CODEC remote control and management. |
☐ | SV-18876r1_rule | Unnecessary/unused remote control/management/configuration protocols are not disabled. |
☐ | SV-18877r1_rule | SNMP is not being used in accordance with the Network Infrastructure STIG. |
☐ | SV-18878r2_rule | Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet. |
☐ | SV-18879r2_rule | VTC systems and devices must run the latest DoD-approved patches/firmware/software from the system/device vendor. |
☐ | SV-18880r3_rule | Video Teleconferencing system components must display the Standard Mandatory DoD Notice and Consent Banner exactly as specified prior to logon or initial access. |
☐ | SV-18881r1_rule | All VTC system management systems/servers are not configured in compliance with all applicable STIGs. |
☐ | SV-18882r2_rule | Deficient SOP or enforcement regarding the approval and deployment of VTC capabilities. |
☐ | SV-18883r3_rule | A VTC management system or endpoint must have risk approval and acceptance in writing by the responsible Authorizing Official (AO). |
☐ | SV-18884r2_rule | VTC system and endpoint users, administrators, and helpdesk representatives must receive cybersecurity training. |
☐ | SV-18885r2_rule | VTC system and endpoint users must sign a user agreement when accepting an endpoint or obtaining approval to use an endpoint. |
☐ | SV-18886r2_rule | User Guides and documentation packages must be developed and distributed to users operating VTC endpoints. |
☐ | SV-18887r3_rule | VTC systems must be logically or physically segregated on the LAN from data systems, other non-integrated voice communication (VoIP) systems, and by VTC system type. |
☐ | SV-18888r1_rule | VTC endpoint connectivity is established via an unapproved DoD Wireless LAN infrastructure. |
☐ | SV-18889r2_rule | A VTC endpoint must not bridge a wired LAN and a wireless LAN. |
☐ | SV-18890r1_rule | A VTU endpoint does not have the wireless LAN capability disabled. |
☐ | SV-18891r2_rule | A VTU or conference room implemented using wireless components must be protected from external control or compromise. |
☐ | SV-18892r1_rule | VTC ports and protocols cross DoD/Enclave boundaries without prior registration in the DoD Ports and Protocols Database. |
☐ | SV-18893r2_rule | Access control measures must be implemented for all conferences hosted on a centralized MCU appliance. |
☐ | SV-18894r2_rule | Access control measures must be implemented for all conferences hosted on a centralized MCU appliance. |
☐ | SV-55744r1_rule | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (e.g., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next. |
☐ | SV-55745r1_rule | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (e.g., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network. |
☐ | SV-55746r2_rule | IP-based VTC systems must not connect to ISDN lines when connected to a classified network. |
☐ | SV-55747r1_rule | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels (e.g., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds. |
☐ | SV-55748r1_rule | IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must sanitize non-volatile memory while transitioning between networks by overwriting all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network. |
☐ | SV-55749r1_rule | The A/B, A/B/C, or A/B/C/D switch within an IP-based VTC system supporting conferences on multiple networks having different classification levels must be based on optical technologies to maintain electrical isolation between the various networks to which it connects. |
☐ | SV-55750r1_rule | An IP-based VTC system implementing a single CODEC supporting conferences on multiple networks having different classification levels must be implemented in a manner such that configuration information for a network having a higher classification level is not disclosed to a network having a lower classification level. |
☐ | SV-55751r1_rule | The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must be Common Criteria certified. |
☐ | SV-55752r2_rule | The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC supporting conferences on multiple networks having different classification levels must be TEMPEST certified. |
☐ | SV-55753r1_rule | An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks having different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections such that only one CODEC is powered on or one CODEC is connected to any network at any given time. |
☐ | SV-55754r2_rule | The implementation of an IP-based VTC system supporting conferences on multiple networks having different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks having differing classification levels in accordance with CNSSAM TEMPEST/01-13, RED/BLACK Installation Guidance. |
☐ | SV-55756r1_rule | An enclave supporting an IP-based VTC system that must communicate across an IP WAN must implement a VTC/VVoIP-aware firewall or H.460-based firewall traversal solution at its boundary with the WAN. |
☐ | SV-55757r1_rule | An IDS/IPS must protect the IP-based VTC system within the enclave. |
☐ | SV-55759r1_rule | The IP-based VTC system must authenticate to an H.323 Gatekeeper or VVoIP session/call controller. |
☐ | SV-55764r1_rule | The IP-based VTC system must use H.235-based signaling encryption. |
☐ | SV-55767r1_rule | The operator of an ISDN-based VTC system utilizing a Type 1 encryptor for classified sessions must ensure any removable Keying Material (KEYMAT) (e.g., Cryptographic Ignition Key (CIK)) for the encryptor is secured in an appropriate secure facility or GSA-approved container when the system is not in use. |
☐ | SV-55769r1_rule | An ISDN-based or IP-based VTC system supporting conferences on multiple networks having different classification levels must utilize approved automatically controlled signage to indicate the secure/non-secure status or classification level of the conference/session. Such signage will be placed within the conference room and outside each entrance. |
☐ | SV-55770r1_rule | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences must utilize an approved pair of EIA-530 A/B switches operated in tandem or a dual A/B switch to switch the Type 1 encryptor in/out of the circuit between the CODEC and IMUX. |
☐ | SV-55772r1_rule | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences while implementing dialing capability from the CODEC must utilize an approved EIA-366-A dial isolator that disconnects the dialing channel between the CODEC and IMUX when the IMUX signals it is connected to another IMUX (i.e., the session is connected). |
☐ | SV-55774r2_rule | An ISDN-based VTC system supporting secure (classified) and non-secure (unclassified) conferences must be cabled to maintain a minimum of 5 or 15 centimeters RED/BLACK separation on either side of any Type 1 encryptor and any dial isolator (depending on the TEMPEST zone). |
☐ | SV-55778r1_rule | ISDN-based VTC equipment supporting secure (classified) and non-secure (unclassified) conferences which implement dial isolators and A/B switches must meet minimum port-to-port isolation standards. |
☐ | SV-68941r1_rule | Video teleconferencing system components Standard Mandatory DoD Notice and Consent Banner must be acknowledged by the user prior to logon or initial access. |
☐ | SV-93757r2_rule | Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over non-secure systems. |
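Several of the endpoint-level rules above are plain configuration facts that can be checked offline from a CODEC settings export rather than by clicking through a web UI: the 15-minute administrative timeout (SV-17556), auto-answer (SV-18722), remote monitoring (SV-18726), far end camera control (SV-18856), encryption in transit and its indicator (SV-18857, SV-18859), streaming left on when not required (SV-18869), cleartext management protocols (SV-18875) and SNMP sources not restricted by IP address or subnet (SV-18878). The script below is an added example, not part of the STIG or any vendor tool; the export format, the key names, the sample configuration and the management subnet are all assumptions chosen for illustration. The SNMP check is the part worth studying: it uses the `ipaddress` module to verify that every permitted source is a subnet of an approved management network, so a wildcard such as `0.0.0.0/0` or a malformed entry fails closed.

```python
"""Offline checks of a VTC CODEC settings export against endpoint-level rules
from the Video Teleconferencing STIG checklist above.

Added example: the export format and key names are assumptions, not a real
vendor schema. Adapt the key names to the export your CODEC actually produces.
"""
import ipaddress

# Constructed sample export for a hypothetical CODEC (assumed key names).
SAMPLE_CONFIG = {
    "admin_session_timeout_minutes": 30,
    "auto_answer": True,
    "remote_monitoring": True,
    "far_end_camera_control": False,
    "media_encryption": "best_effort",      # assumed values: off | best_effort | required
    "encryption_indicator": True,
    "streaming": {"enabled": True, "required": False},
    "management_protocols": {"telnet": True, "http": True, "ssh": True, "https": True},
    "snmp": {"enabled": True, "allowed_sources": ["10.20.30.0/24", "0.0.0.0/0"]},
}

# Networks from which management and SNMP access is legitimately expected (assumed).
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Cleartext management protocols; SSH and HTTPS are the secure replacements (SV-18875).
INSECURE_MGMT_PROTOCOLS = ("telnet", "http")


def snmp_sources_restricted(sources, allowed_nets):
    """True only if every SNMP source entry is a host or subnet contained in one of
    the approved management networks (SV-18878). An empty list, a wildcard such as
    0.0.0.0/0, or a malformed entry all fail the check."""
    if not sources:
        return False
    for entry in sources:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False  # unparsable entry: treat as unrestricted
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed_nets):
            return False
    return True


def audit(cfg, allowed_nets=MANAGEMENT_NETS):
    """Return a list of (rule_id, finding) tuples for settings that fail."""
    findings = []
    timeout = cfg.get("admin_session_timeout_minutes")
    if timeout is None or timeout <= 0 or timeout > 15:
        findings.append(("SV-17556r1_rule", f"admin session timeout is {timeout} min, must be 15 or less"))
    if cfg.get("auto_answer"):
        findings.append(("SV-18722r1_rule", "auto-answer is enabled"))
    if cfg.get("remote_monitoring"):
        findings.append(("SV-18726r1_rule", "remote monitoring is enabled on an IP-connected VTU"))
    if cfg.get("far_end_camera_control"):
        findings.append(("SV-18856r1_rule", "far end camera control is enabled"))
    if cfg.get("media_encryption") != "required":
        findings.append(("SV-18857r2_rule", f"media encryption is '{cfg.get('media_encryption')}', must be required"))
    if not cfg.get("encryption_indicator"):
        findings.append(("SV-18859r1_rule", "encryption indicator is not enabled"))
    streaming = cfg.get("streaming", {})
    if streaming.get("enabled") and not streaming.get("required"):
        findings.append(("SV-18869r1_rule", "CODEC streaming is enabled but not required"))
    protocols = cfg.get("management_protocols", {})
    for proto in INSECURE_MGMT_PROTOCOLS:
        if protocols.get(proto):
            findings.append(("SV-18875r2_rule", f"cleartext management protocol '{proto}' is enabled"))
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled") and not snmp_sources_restricted(snmp.get("allowed_sources", []), allowed_nets):
        findings.append(("SV-18878r2_rule", "SNMP access is not restricted to approved management subnets"))
    return findings


if __name__ == "__main__":
    for rule_id, text in audit(SAMPLE_CONFIG):
        print(f"[FAIL] {rule_id}: {text}")
```

Run against the constructed sample, the audit reports eight findings (two of them under SV-18875, one each for telnet and HTTP). The rules that depend on an SOP, training, signage or an Authorizing Official's written acceptance are deliberately absent: they are evidence reviews, not configuration reads, and a script that claimed to check them would be hollow.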