The organization must review and update the procedures to facilitate the implementation of the Voice Video configuration management policy and associated configuration management controls annually.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300220

Associated with: CCI-000292

VVSP-01-000054_rule The organization must review and update the procedures to facilitate the implementation of the Voice Video configuration management policy and associated configuration management controls annually.

Vulnerability discussion

The configuration management policy addresses the establishment of policy and procedures for the effective implementation of configuration management, to include change control, security impact analysis, access restrictions for change, configuration settings, least functionality, component inventory, and management. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance.Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or, conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems when needed.Regular review and update of the Voice Video configuration management policy and implementation procedures ensures new vulnerabilities are mitigated by current effective strategies. When Voice Video compliance requirements are generated based on the STIGs, an annual review of the applicable list of STIGs is required. Locally generated compliance requirements sources must also be updated.

Check content

Review the procedures to facilitate organization-specific Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates to confirm the organization reviews and updates the implementation procedures annually. if the procedures to facilitate Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates do not confirm annual review and update, this is a finding.

Fix text

Annually review the procedures to facilitate the implementation of organization-specific Voice Video configuration management policy and associated configuration management controls. Update the implementation procedures as appropriate. Maintain an audit trail of review and update activity.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer