The organization must capture Voice Video events for the type of session connection, when (date and time) the connection was established, when (date and time) the connection terminated, where the connection originated, the outcome (status) of the connection, the identity of the initiator of the call, the identity of all users, and events determined to be significant and relevant by local policy, which provide information necessary for corrective actions without revealing personally identifiable information or sensitive information in the Call Detail Record (CDR).

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300141

Associated with: CCI-000123

VVSP-01-000030_rule The organization must capture Voice Video events for the type of session connection, when (date and time) the connection was established, when (date and time) the connection terminated, where the connection originated, the outcome (status) of the connection, the identity of the initiator of the call, the identity of all users, and events determined to be significant and relevant by local policy, which provide information necessary for corrective actions without revealing personally identifiable information or sensitive information in the Call Detail Record (CDR).

Vulnerability discussion

An event is any observable occurrence in an organizational information system. Organizations identify audit events as events that are significant and relevant to the security of information systems and the environments in which those systems operate in order to meet specific and ongoing audit needs. For Voice Video systems, session events produce Call Detail Records (CDRs) used for traffic and forensic analysis. The CDR contains the who, what, where, when, and how for the Voice Video elements handling signaling and media traffic. The loss or alteration of these records could allow an adversary to perform attacks undetected.

Check content

Review the procedures to facilitate CDR policy to confirm the following auditable Voice Video events are captured in the CDR: - Type of session connection - When (date and time) the connection was established - When (date and time) the connection terminated - Where the connection originated - Outcome (status) of the connection - Identity of the initiator of the call - Identity of all users - Events determined to be significant and relevant by local policy Further, review the procedures to facilitate CDR policy to confirm the information necessary for corrective actions is provided without revealing personally identifiable information or sensitive information in the CDR. If the procedures to facilitate CDR policy do not implement a method to capture the above auditable Voice Video events in the CDR, this is a finding. If the procedures to facilitate CDR policy do not provide information necessary for corrective actions without revealing personally identifiable information or sensitive information in the CDR, this is a finding.

Fix text

Develop and document in the procedures to facilitate CDR policy how the following auditable Voice Video events are captured in the CDR: - Type of session connection - When (date and time) the connection was established - When (date and time) the connection terminated - Where the connection originated - Outcome (status) of the connection - Identity of the initiator of the call - Identity of all users - Events determined to be significant and relevant by local policy Develop and document in the procedures to facilitate CDR policy how the CDR will provide information necessary for corrective actions without revealing personally identifiable information or sensitive information. Make the changes necessary to facilitate the procedures to implement CDR policy.

Pro Tips

Powered by sagemincer