The organization must review and update procedures to facilitate the implementation of the Call Detail Record (CDR) policy and associated audit controls annually.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300140

Associated with: CCI-000122

VVSP-01-000029_rule The organization must review and update procedures to facilitate the implementation of the Call Detail Record (CDR) policy and associated audit controls annually.

Vulnerability discussion

The audit and accountability procedures implement audit and accountability policy. Organizational procedures must reflect applicable NIST and STIG guidance by determining applicable STIGs and SRGs and identifying the applicable audit and accountability controls and procedures.Regular review and update of the implementation procedures for the CDR policy and associated controls ensures appropriate records are kept and maintained. When Voice Video compliance requirements are generated based on the STIGs and SRGs, an annual review of the applicable list of STIGs and SRGs is required. Locally generated compliance requirements sources must also be updated.

Check content

Review the procedures to facilitate the CDR policy and associated access controls audit trail of reviews and updates to confirm the organization reviews and updates the implementation procedures annually. If the procedures to facilitate the CDR policy and associated access controls audit trail of reviews and updates does not confirm annual review and update, this is a finding.

Fix text

Annually review the procedures to facilitate the implementation of CDR policy and associated access controls. Update the implementation procedures as appropriate. Maintain an audit trail of review and update activity.

Pro Tips

Powered by sagemincer