No indicator is displayed on the VTU screen when CODEC streaming is activated.

From Video Services Policy STIG

Part of RTS-VTC 2350.00 [IP]

Associated with IA controls: ECSC-1, DCBP-1

SV-17561r1_rule No indicator is displayed on the VTU screen when CODEC streaming is activated.

Vulnerability discussion

It is imperative that the operator of a VTU know if his/her CODEC is streaming. This is due the ease with which streaming can be activated accidentally or intentionally and that it can be activated remotely by various methods or individuals with different privilege levels. The VTU must display an indication on the screen if it is actively streaming so that the VTU user/operator can be aware of the fact and take action to stop the streaming or disconnect the call if the CODEC should not be streaming.Note: For additional information regarding the vulnerabilities associated with VTC streaming, see the discussion under RTS-VTC 2340

Check content

[IP]; Validate compliance with the following requirement: Ensure an on-screen indicator is displayed when the VTU/CODEC is actively streaming. Include awareness of the indicator and its meaning in user training and user guides. Note: This is a requirement whether streaming from a CODEC is approved or not. Note: During APL testing, this is a finding in the event this requirement is not supported by the CODEC. This is a finding if an on-screen indicator is not displayed when the VTU/CODEC is actively streaming. Validate compliance via inspection of the device manuals or activate streaming and look for the on-screen indicator. Activating the streaming feature may require applying a streaming configuration. If so, be sure to remove/disable the configuration following the indicator test.

Fix text

[IP]; Perform the following tasks: - Purchase VTC equipment that either does not support streaming from the CODEC or provides an indicator that the CODEC is actively streaming. AND/OR - Configure the CODEC to provide the required on-screen indicator in the event such display does not occur by default. AND Include awareness of the indicator and its meaning in user training and user guides.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer