An unapproved Instant Messaging (IM) or Unified Capabilities (UC) soft client must not be used on Government Furnished Equipment (GFE).

From Voice Video Services Policy STIG

Part of VVoIP 1990

SV-17105r2_rule An unapproved Instant Messaging (IM) or Unified Capabilities (UC) soft client must not be used on Government Furnished Equipment (GFE).

Vulnerability discussion

DoD policies disallow general PC users from installing any unapproved application on their workstations or from attaching any unapproved or non-government furnished devices to them. Other DoD policies require users of GFE to limit their use to official business and not use them for personal business or other personal activities. Installing VoIP and IM clients that associate themselves with, and connect to, a public VoIP or IM service places the DoD system on which the client is installed at risk of compromise and unauthorized access, and provides an avenue for both. Once compromised, the system could be used as a launching point for further compromise of the network or other DoD systems. Additionally, the use of these services places the confidentiality of DoD information conveyed by them at risk. Such information could be sensitive, or the collection of non-sensitive information over time could reveal sensitive information. Some services use the standard web service ports 80 and 443, which are generally never blocked.

Check content

Review site documentation to confirm a policy and procedure prevents an unapproved IM or UC soft client from being used on GFE. Prohibited clients and services include:

- Yahoo Messenger
- America Online (AOL) Instant Messenger (AIM)
- Microsoft Network (MSN) Messenger
- Skype
- Freshtel
- Google Hangouts (formerly Talk)
- Magic Jack (a hardware USB ATA and UC soft client)
- Soft clients associated with home telephone service from carriers such as Verizon, AT&T, and Quest, cable carriers such as Comcast and Cox, or competing VoIP carriers such as Vonage.

If a policy and procedure does not prevent use of an unapproved IM or UC soft client on GFE, this is a finding. If unapproved clients or services are in use by site personnel, this is a finding.

Fix text

Implement site policy and procedure to prevent the use of unapproved IM or UC soft clients on GFE. Uninstall all unapproved IM or UC soft clients on site GFE.
