In addition to general audit and accountability policy, the organization must develop and document a Call Detail Record (CDR) policy governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records.

From Voice Video Policy Security Technical Implementation Guide

Associated with: CCI-000117

VVSP-01-000024_rule In addition to general audit and accountability policy, the organization must develop and document a Call Detail Record (CDR) policy governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records.

Vulnerability discussion

The audit and accountability policy addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. It also contains procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls.The audit and accountability policy can be one document or several documents, broken down by technology or information system type (e.g., a separate operating system and database audit and accountability policy document). Breaking the document into components may help with targeted dissemination and simplify making updates. The policy documents the security requirements and configuration. The policy must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance (e.g., DISA STIGs, FIPS, and NIST SP 800-53).Developing and documenting the CDR policy addressing session initiation, status, and participants, using common date and time elements, provides records from each Voice Video element for both traffic and forensic analysis.

Check content

Review the CDR policy containing documentation governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records. If the CDR policy does not contain specific documentation governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records, this is a finding.

Fix text

Develop and document the CDR policy governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.