From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300141
Associated with: CCI-000123
An event is any observable occurrence in an organizational information system. Organizations identify audit events as events that are significant and relevant to the security of information systems and the environments in which those systems operate in order to meet specific and ongoing audit needs.
Review the procedures to facilitate CDR policy to confirm the following auditable Voice Video events are captured in the CDR: - Type of session connection - When (date and time) the connection was established - When (date and time) the connection terminated - Where the connection originated - Outcome (status) of the connection - Identity of the initiator of the call - Identity of all users - Events determined to be significant and relevant by local policy Further, review the procedures to facilitate CDR policy to confirm the information necessary for corrective actions is provided without revealing personally identifiable information or sensitive information in the CDR. If the procedures to facilitate CDR policy do not implement a method to capture the above auditable Voice Video events in the CDR, this is a finding. If the procedures to facilitate CDR policy do not provide information necessary for corrective actions without revealing personally identifiable information or sensitive information in the CDR, this is a finding.
Develop and document in the procedures to facilitate CDR policy how the following auditable Voice Video events are captured in the CDR: - Type of session connection - When (date and time) the connection was established - When (date and time) the connection terminated - Where the connection originated - Outcome (status) of the connection - Identity of the initiator of the call - Identity of all users - Events determined to be significant and relevant by local policy Develop and document in the procedures to facilitate CDR policy how the CDR will provide information necessary for corrective actions without revealing personally identifiable information or sensitive information. Make the changes necessary to facilitate the procedures to implement CDR policy.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer