The organization must review the Voice Video system every 30 days to identify unnecessary and nonsecure functions, ports, protocols, and services.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300287

Associated with: CCI-000384

VVSP-01-000055_rule The organization must review the Voice Video system every 30 days to identify unnecessary and nonsecure functions, ports, protocols, and services.

Vulnerability discussion

Information systems provide a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). Organizations review functions and services provided by information systems or individual components of information systems to determine which functions and services are candidates for elimination. Organizations can use network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls to prevent the use of prohibited functions, ports, protocols, and services.The organization can either make a determination of the relative security of the function, port, protocol, and/or service or base the security decision on the assessment of other entities. Bluetooth, FTP, and peer-to-peer networking are examples of less than secure protocols.

Check content

Review the Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates to confirm the organization reviews the Voice Video system every 30 days for unnecessary and nonsecure functions, ports, protocols, and services. If the Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates do not confirm the organization reviews the Voice Video system every 30 days for unnecessary and nonsecure functions, ports, protocols, and services, this is a finding.

Fix text

Develop and document procedures for the Voice Video configuration management policy and associated configuration management controls as follows: - Every 30 days, review the Voice Video system documentation to identify unnecessary and nonsecure functions, ports, protocols, and services. - Recommend any unnecessary and nonsecure functions, ports, protocols, and services for disablement. - Create or update the review activity as an audit trail. - Update the implementation procedures as appropriate.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer