The organization must disseminate the Call Detail Record (CDR) policy to the ISSO and ISSM and others as the local organization deems appropriate.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300136

Associated with: CCI-001832

VVSP-01-000025_rule The organization must disseminate the Call Detail Record (CDR) policy to the ISSO and ISSM and others as the local organization deems appropriate.

Vulnerability discussion

The audit and accountability policy addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. It also contains procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls.The audit and accountability policy can be one document or several documents, broken down by technology or information system type (e.g., a separate operating system and database audit and accountability policy document). Breaking the document into components may help with targeted dissemination and simplify making updates. The policy documents the security requirements and configuration. The policy must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance (e.g., DISA STIGs, FIPS, and NIST SP 800-53).Disseminating the CDR policy addressing session initiation, status, and participants, using common date and time elements, to the ISSO and ISSM, and others as the local organization deems appropriate, reduces the likelihood of individuals putting the Voice Video system at risk, either deliberately or inadvertently. Dissemination techniques may include sending the CDR policy via email, posting on wiki or in SharePoint repositories, STIG, configuration guides, and other forms of communication.

Check content

Interview the ISSO and ISSM to ensure the CDR policy was disseminated to them and others as the local organization deems appropriate. Methods for disseminating the CDR policy include sending the policy via email, posting on wiki or in SharePoint repositories, and other forms of documented communication. If the CDR policy is not disseminated via the organizations information-sharing capability to the ISSO and ISSM, and other personnel the local organization deems appropriate, this is a finding.

Fix text

Disseminate the specific CDR policy to the ISSO and ISSM and others as the local organization deems appropriate.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer