From Voice Video Endpoint Security Requirements Guide
Part of SRG-NET-000132-VVEP-00059
Associated with: CCI-000382
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Voice video endpoints are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component but doing so increases risk compared to limiting the services provided by any one component.
Verify the Voice Video Endpoint only uses ports, protocols, and services allowed per the PPSM CAL and VAs. If the Voice Video Endpoint uses ports, protocols, and services not allowed per the PPSM CAL and VAs, this is a finding.
Configure the Voice Video Endpoint to only use ports, protocols, and services allowed per the PPSM CAL and VAs.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer