The Voice Video Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.

From Voice Video Session Management Security Requirements Guide

Associated with: CCI-000169

SV-76575r1_rule The Voice Video Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.

Vulnerability discussion

Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are generated from several components within the Voice Video system (e.g., session manager, session border control, gateway, gatekeeper, or endpoints).Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records.

Check content

Verify the Voice Video Session Manager produces session records for events determined to be significant and relevant by local policy. If the Voice Video Session Manager does not produce session records for events determined to be significant and relevant by local policy, this is a finding.

Fix text

Configure the Voice Video Session Manager to produce session records for events determined to be significant and relevant by local policy.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.