A PC communications application is operated with administrative or root level privileges.

From Voice Video Services Policy STIG

Part of Deficient Config: PC Comm App Operating Privilege

SV-17102r1_rule A PC communications application is operated with administrative or root level privileges.

Vulnerability discussion

PC voice, video, UC, and collaboration communications applications must not be operated in a manner that can compromise the platform if the application itself becomes compromised. One way to mitigate this possibility is to ensure that the application does not require administrative privileges to operate and that it is not operated with privileges that could be used to compromise the platform, other applications, or the network.

Check content

Interview the IAO to validate compliance with the following requirement: Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges. Determine if the installed PC voice, video, UC, or collaboration communications application(s) requires and/or is configured to operate with administrative privileges. Inspect a random sampling of PC voice, video, UC, or collaboration communications applications to determine if they are configured to operate with administrative privileges. This is a finding if a PC voice, video, UC, or collaboration communications application requires with administrative privileges to operate or if the application or platform is configured such that the application runs with administrative privileges. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.

Fix text

Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges. Configure the application and/or platform to not operate with administrative privileges or un-install it. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer