Deficient user or administrator training regarding the vulnerabilities with, and operation of, CODEC streaming

From Video Services Policy STIG

Part of RTS-VTC 2365.00 [IP]

Associated with IA controls: IAIA-2, DCBP-1, PRTN-1, IAIA-1, IAAC-1

SV-18868r1_rule Deficient user or administrator training regarding the vulnerabilities with, and operation of, CODEC streaming

Vulnerability discussion

In conjunction with the SOP for VTU/CODEC streaming, users must be trained in the vulnerabilities of streaming, how to recognize if their CODEC is streaming, and how to deactivate streaming if it should not be active.

Note: For additional information regarding the vulnerabilities associated with VTC streaming, see the discussion under RTS-VTC 2340.

Check content

[IP]; Interview the IAO to validate compliance with the following requirement:

In the event the VTU/CODEC is connected to an IP-based LAN, and if the CODEC supports streaming, ensure users/operators and administrators of a VTU receive training regarding streaming that addresses the following:

- User awareness regarding the vulnerabilities streaming from a CODEC presents to conference confidentiality.
- User awareness regarding accidental activation of streaming.
- How to recognize the displayed indication provided by the VTU that it is in streaming mode.
- How to terminate streaming, particularly if the CODEC should not be streaming.
- The implementation and distribution of a temporary password for an approved CODEC streaming session using a one-time password that is not repeated and does not match any other user or administrative password.

Note: This is a requirement whether streaming from a CODEC is approved or not.

Interview VTC/CODEC administrators and user/operators to verify that they have received training on the vulnerabilities of streaming, recognition of CODEC streaming, and how to deactivate streaming when it is active. Have a sampling of these individuals demonstrate their knowledge.

This is a finding if deficiencies are found in any of these areas. Note the deficiencies in the finding details.

Fix text

[IP]; In the event the VTU/CODEC is connected to an IP-based LAN, and if the CODEC supports streaming, perform the following tasks:

- Train CODEC user/operators and administrators regarding CODEC streaming, addressing the following:
  - User awareness regarding the vulnerabilities streaming from a CODEC presents to conference confidentiality.
  - User awareness regarding accidental activation of streaming.
  - How to recognize the displayed indication provided by the VTU that it is in streaming mode.
  - How to terminate streaming, particularly if the CODEC should not be streaming.

Additionally include this information in user’s agreements and guides.
