The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint user access.

From Voice Video Session Management Security Requirements Guide

Part of SRG-NET-000321

Associated with: CCI-000366 CCI-002178

SV-76601r1_rule The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint user access.

Vulnerability discussion

Without the enforcement of immediate change to privilege levels, users and devices may not provide the correct level of service. Privileges include access to outside connections, precedence, and preemption capabilities. A user with higher precedence and preemption capability may supplant users authorized higher levels of access. Endpoint users must be limited to the privileges needed to conduct business and changes to privileges must be enforced immediately.Access authorizations should be dynamic to reflect changing conditions; if a revocation is not enforced in a timely manner, users may have inappropriate access. Revocation of access rules may differ based on the types of access revoked. For example, if a subject (i.e., user or process) is removed from a group, access may not be revoked until the next time the object (e.g., file) is opened or until the next time the subject attempts a new access to the object. Revocation based on changes to security labels may take effect immediately. It may be necessary to immediately revoke access in certain circumstances (i.e., a compromised account is being used). This may be mitigated by implementing SRG-NET-000321-VVSM-00008.

Check content

Verify the Voice Video Session Manager immediately enforces change to privileges of Voice Video endpoint user access. Privileges include access to outside connections, precedence, and preemption capabilities. If the Voice Video Session Manager does not immediately enforce changes to privileges of Voice Video endpoint user access, this is a finding.

Fix text

Configure the Voice Video Session Manager to immediately enforce changes to privileges of Voice Video endpoint user access.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer