The organization must provide user guides identifying the proper use of Unified Capabilities (UC) and Video Conferencing (VC) soft client applications to soft client users.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300605

Associated with: CCI-001639

VVSP-01-000137_rule The organization must provide user guides identifying the proper use of Unified Capabilities (UC) and Video Conferencing (VC) soft client applications to soft client users.

Vulnerability discussion

Organizations consider rules of behavior based on individual user roles and responsibilities. Rules of behavior for both organizational and non-organizational users are essential for general unclassified communications and other specific or classified communications, which may require restrictions for those who may participate. The signed acknowledgment (user agreement) may be satisfied by the security awareness training and role-based security training programs conducted by organizations if such training includes rules of behavior.For Voice Video systems, the unclassified phone system typically also performs as an emergency contact system. Callers may need to report conditions for fire and emergency services (FES). Additionally, mission-critical decision-making users may need to initiate or receive high-priority calls for dissemination of crisis information using the DISN Voice Precedence services. Users must be trained to know and practice correct handling of these calls, and must sign agreements prior to use. Other Voice Video systems, such as video conferencing and classified systems, may warrant additional user training and agreements.Additional issues may result from using UC soft clients for mission-critical communications. Users must be aware of these limitations and may require backup or parallel communications capability.

Check content

Review the organizational UC and VC soft client user guides. Verify the user guides are provided to all UC and VC soft client users. Verify the user guides address: - Awareness that UC soft clients for mission-critical decision-making communications may not provide adequate assured service and may require backup communications methods; - Awareness of the various aspects of the application's safe and proper use, as well as the application or service vulnerabilities; - Sharing control of a user's PC or applications with other users they are familiar with and who are identifiable as trustworthy; - Prohibiting the use of personally provided UC or VC soft client accessories; - Awareness of the bridging risks associated with UC and VC soft client accessories; and - Prohibiting the use of non-approved applications and hardware. If the organizational UC and VC soft client user guides are not provided to all UC and VC soft client users, this is a finding. If the organizational UC and VC soft client user guides do not address the specific items above, this is a finding.

Fix text

Document and disseminate organizational UC and VC soft client user guides. Provide the user guides to all UC and VC soft client users. Ensure the user guides address: - Awareness that UC soft clients for mission-critical decision-making communications may not provide adequate assured service and may require backup communications methods; - Awareness of the various aspects of the application's safe and proper use, as well as the application or service vulnerabilities; - Sharing control of a user's PC or applications with other users they are familiar with and who are identifiable as trustworthy; - Prohibiting the use of personally provided UC or VC soft client accessories; - Awareness of the bridging risks associated with UC and VC soft client accessories; and - Prohibiting the use of non-approved applications and hardware.

Pro Tips

Powered by sagemincer