The organization must review and update the Call Detail Record (CDR) policy annually.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300139

Associated with: CCI-000119

VVSP-01-000028_rule The organization must review and update the Call Detail Record (CDR) policy annually.

Vulnerability discussion

The audit and accountability policy addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. It also contains procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls.The audit and accountability policy can be one document or several documents, broken down by technology or information system type (e.g., a separate operating system and database audit and accountability policy document). Breaking the document into components may help with targeted dissemination and simplify making updates. The policy documents the security requirements and configuration. The policy must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance (e.g., DISA STIGs, FIPS, and NIST SP 800-53).Regular review and update of the Call Detail Record (CDR) policy ensures appropriate records are kept and maintained. When Voice Video compliance requirements are generated based on the STIGs, an annual review of the applicable list of STIGs is required. Locally generated compliance requirements sources must also be updated.

Check content

Review the CDR policy audit trail of reviews and updates to confirm the organization reviews and updates the CDR policy annually. If the CDR policy audit trail of reviews and updates does not confirm annual review and update, this is a finding.

Fix text

Annually review the CDR policy governing all Voice Video systems that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, to include storage and retention of records. Update the CDR policy as appropriate. Maintain an audit trail of review and update activity.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer