Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference.

SV-18855r1_rule Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference.

Vulnerability discussion

Administrators or “operators/facilitators” that perform monitoring as discussed in this section must have an appropriate security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Check content

[IP][ISDN]; Interview the Administrator to validate compliance with the following requirement: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed. Verify with IAO that conference call operator/facilitator has security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Fix text

[IP][ISDN]; Perform the following tasks: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.