The Voice Video Endpoint must register with a Voice Video Session Manager.

From Voice Video Endpoint Security Requirements Guide

Part of SRG-NET-000015-VVEP-00013

Associated with: CCI-000213

SV-82475r2_rule The Voice Video Endpoint must register with a Voice Video Session Manager.

Vulnerability discussion

Authentication must not automatically give an entity access to an asset. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Registration authenticates and authorizes endpoints with the Voice Video Session Manager.For most VoIP systems, registration is the process of centrally recording the user ID, endpoint MAC address, service/policy profile with 2 stage authentication prior to authorizing the establishment of the session and user service. The event of successful registration creates the session record immediately. VC systems register using a similar process with a gatekeeper. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check content

Verify the Voice Video Endpoint registers with a Voice Video Session Manager. If the Voice Video Endpoint does not registers with a Voice Video Session Manager, this is a finding.

Fix text

Configure the Voice Video Endpoint to register with a Voice Video Session Manager.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer