From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300287
Associated with: CCI-000384
Information systems provide a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). Organizations review functions and services provided by information systems or individual components of information systems to determine which functions and services are candidates for elimination. Organizations can use network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls to prevent the use of prohibited functions, ports, protocols, and services.
Review the Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates to confirm the organization reviews the Voice Video system every 30 days for unnecessary and nonsecure functions, ports, protocols, and services. If the Voice Video configuration management policy and associated configuration management controls audit trail of reviews and updates do not confirm the organization reviews the Voice Video system every 30 days for unnecessary and nonsecure functions, ports, protocols, and services, this is a finding.
Develop and document procedures for the Voice Video configuration management policy and associated configuration management controls as follows: - Every 30 days, review the Voice Video system documentation to identify unnecessary and nonsecure functions, ports, protocols, and services. - Recommend any unnecessary and nonsecure functions, ports, protocols, and services for disablement. - Create or update the review activity as an audit trail. - Update the implementation procedures as appropriate.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer