In addition to a general access control policy, the organization must develop and document a specific Voice Video access control policy for dial plans, session control, and remote access that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

From Voice Video Policy Security Technical Implementation Guide

Associated with: CCI-000001

VVSP-01-000001_rule In addition to a general access control policy, the organization must develop and document a specific Voice Video access control policy for dial plans, session control, and remote access that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Vulnerability discussion

The Voice Video access control policy addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. It also contains procedures to facilitate the implementation of the access control policy and associated controls.The access control policy can be one document or several documents, broken down by technology or information system type (e.g., a separate operating system and database access control policy document). Breaking the document into components may help with targeted dissemination and simplify making updates. The policy documents the security requirements and configuration. The policy must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance (e.g., DISA STIGs, FIPS, and NIST SP 800-53).Developing and documenting the Voice Video access control policy addressing dial plans, session control, and remote access augments the organization plan, ensuring consistent policies are applied regardless of vendor or platform deployed. A consistently applied policy also helps mitigate the risk from weaker Voice Video system implementations presenting possible attack vectors for the enterprise.

Check content

Review the organization-specific Voice Video access control policy containing documentation for dial plans, session control, and remote access that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. if the Voice Video access control policy does not contain specific documentation for dial plans, session control, and remote access or address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, this is a finding.

Fix text

Develop and document the specific Voice Video access control policy for dial plans, session control, and remote access that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.