The organization must provide and document a rationale for why the list of Call Detail Record (CDR) events is deemed to be adequate to support after-the-fact investigations of security incidents.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300143

Associated with: CCI-000125

VVSP-01-000032_rule The organization must provide and document a rationale for why the list of Call Detail Record (CDR) events is deemed to be adequate to support after-the-fact investigations of security incidents.

Vulnerability discussion

An event is any observable occurrence in an organizational information system. Organizations identify audit events as events that are significant and relevant to the security of information systems and the environments in which those systems operate in order to meet specific and ongoing audit needs. For Voice Video systems, session events produce CDRs used for traffic and forensic analysis. The CDR contains the who, what, where, when, and how for the Voice Video elements handling signaling and media traffic. The loss or alteration of these records could allow an adversary to perform attacks undetected.

Check content

Review the CDR policy and supporting documentation for the rationale of why the CDR events list is adequate to support after-the-fact investigations of security incidents. If the CDR policy or supporting documentation does not contain a rationale for why the CDR events list is adequate to support after-the-fact investigations of security incidents, this is a finding.

Fix text

Develop and document in the CDR policy or supporting documentation the rationale for why the CDR events list is adequate to support after-the-fact investigations of security incidents.

Pro Tips

Powered by sagemincer