The organization must review and update the Voice Video access control policy annually.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300005

Associated with: CCI-000003

VVSP-01-000005_rule The organization must review and update the Voice Video access control policy annually.

Vulnerability discussion

The Voice Video access control policy addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. It also contains procedures to facilitate the implementation of the access control policy and associated controls.The access control policy can be one document or several documents, broken down by technology or information system type (e.g., a separate operating system and database access control policy document). Breaking the document into components may help with targeted dissemination and simplify making updates. The policy documents the security requirements and configuration. The policy must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance (e.g., DISA STIGs, FIPS, and NIST SP 800-53).Regular review and update of the Voice Video access control policy ensures new vulnerabilities are mitigated by current effective strategies. When Voice Video compliance requirements are generated based on the STIGs, an annual review of the applicable list of STIGs is required. Locally generated compliance requirements sources must also be updated.

Check content

Review the organization-specific Voice Video access control policy audit trail of reviews and updates to confirm the organization reviews and updates the access control policy annually. If the Voice Video access control policy audit trail of reviews and updates does not confirm annual review and update, this is a finding.

Fix text

Annually review the organization-specific Voice Video access control policy for dial plans, session control, and remote access that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. Update the Voice Video access control policy as appropriate. Maintain an audit trail of review and update activity.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer