From Voice Video Policy Security Technical Implementation Guide
Part of SRG-POL-300605
Associated with: CCI-001639
Organizations consider rules of behavior based on individual user roles and responsibilities. Rules of behavior for both organizational and non-organizational users are essential for general unclassified communications and other specific or classified communications, which may require restrictions for those who may participate. The signed acknowledgment (user agreement) may be satisfied by the security awareness training and role-based security training programs conducted by organizations if such training includes rules of behavior.
Review the organizational Voice Video training plan. Verify the plan includes user training regarding Voice Video endpoints with speakerphone or microphone capability to potentially pick up and transmit sensitive or classified information. Prior to operating unclassified Voice Video endpoints with speakerphone or microphone capability, users must be trained specifically on the following: - Endpoint location must be limited to conference rooms, sole-use offices, and areas with sound attenuation. - All room occupants must be notified about the use of the endpoint. - All room occupants must be notified for awareness about the classification of conversations taking place. - All room occupants must be notified about their responsibility for taking the necessary precautions to ensure that the classified discussion is not overheard. - Secure endpoints must be configured to prevent speaker enablement in the non-secure mode. - Incidents of possible security compromise or violation must be reported immediately to the appropriate personnel. If the organizational Voice Video training plan does not include user training regarding Voice Video endpoints with speakerphone or microphone capability to potentially pick up and transmit sensitive or classified information, this is a finding. NOTE: This requirement is relevant for all session classification levels. The session classification is dependent on the classification of the network and facility. Classified communications may occur at the same level as the network and facility, but communications at a lower classification or no classification (e.g., Unclassified or For Official User Only [FOUO]) may also occur in the same environment.
Document in the organizational Voice Video training plan training material that includes Voice Video endpoints with speakerphone or microphone capability to potentially pick up and transmit sensitive or classified information. Prior to operating unclassified Voice Video endpoints with speakerphone or microphone capability, users must be trained specifically on the following: - Endpoint location must be limited to conference rooms, sole-use offices, and areas with sound attenuation. - All room occupants must be notified about the use of the endpoint. - All room occupants must be notified for awareness of the classification of conversations taking place. - All room occupants must be notified about their responsibility for taking the necessary precautions to ensure that the classified discussion is not overheard. - Secure endpoints must be configured to prevent speaker enablement in the non-secure mode. - Incidents of possible security compromise or violation must be reported immediately to the appropriate personnel.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer