The organization must receive a signed acknowledgment from individuals requiring access to the Voice Video system, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to the Voice Video system.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300606

Associated with: CCI-000593

VVSP-01-000139_rule The organization must receive a signed acknowledgment from individuals requiring access to the Voice Video system, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to the Voice Video system.

Vulnerability discussion

Organizations consider rules of behavior based on individual user roles and responsibilities. Rules of behavior for both organizational and non-organizational users are essential for general unclassified communications and other specific or classified communications, which may require restrictions for those who may participate. The signed acknowledgment (user agreement) may be satisfied by the security awareness training and role-based security training programs conducted by organizations if such training includes rules of behavior.For Voice Video systems, the unclassified phone system typically also performs as an emergency contact system. Callers may need to report conditions for fire and emergency services (FES). Additionally, mission-critical decision-making users may need to initiate or receive high-priority calls for dissemination of crisis information using the DISN Voice Precedence services. Users must be trained to know and practice correct handling of these calls and must sign agreements prior to use. Other Voice Video systems, such as video conferencing and classified systems, may warrant additional user training and agreements.

Check content

Review the organizational Voice Video endpoint user agreement. Verify the organization receives a signed acknowledgment from all individuals requiring access to the Voice Video system, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to Voice Video system. Verify the user agreement asserts that all Voice Video users understand their responsibilities and limitations for: - Accessing FES and properly reporting events; - Accessing DISN Voice Precedence by authorized mission-critical decision makers; and - Reporting of adversarial calls. Verify the user agreement for UC and VC soft client users asserts the following responsibilities and limitations: - Awareness that UC soft clients for mission-critical decision-making communications may not provide adequate assured service and may require backup communications methods; - Awareness of the various aspects of the application's safe and proper use, as well as the application or service vulnerabilities; - Sharing control of a user's PC or applications with other users they are familiar with and who are identifiable as trustworthy; - Prohibiting the use of personally provided UC or VC soft client accessories; - Awareness of the bridging risks associated with UC and VC soft client accessories; and - Prohibiting the use of non-approved applications and hardware. For users in areas where classified information may be present or discussed, verify the user agreement also addresses: - Use of push-to-talk (PTT) and push-to-see (PTS) features; - Use of classified speakerphones or videophones that may be overheard or overseen; - Precautions for unclassified endpoint use to prevent hearing or seeing sensitive or classified information; - Positioning of Voice Video endpoint displays; and - Additional FES considerations. If the organizational Voice Video endpoint user agreements are not signed by all individuals requiring access to the Voice Video system and retained by the location, this is a finding. If the organizational Voice Video endpoint user agreements do not include the information stated above, this is a finding.

Fix text

Document and disseminate organizational Voice Video endpoint user agreements. Ensure the organization receives a signed acknowledgment from all individuals requiring access the Voice Video system, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to Voice Video system. Ensure the user agreement asserts that all Voice Video users understand their responsibilities and limitations for: - Accessing FES and properly reporting events; - Accessing DISN Voice Precedence by authorized mission-critical decision makers; and - Reporting of adversarial calls. Ensure the user agreement for UC and VC soft client users asserts the following responsibilities and limitations: - Awareness that UC soft clients for mission-critical decision-making communications may not provide adequate assured service and may require backup communications methods; - Awareness of the various aspects of the application's safe and proper use, as well as the application or service vulnerabilities; - Sharing control of a user's PC or applications with other users they are familiar with and who are identifiable as trustworthy; - Prohibiting the use of personally provided UC or VC soft client accessories; - Awareness of the bridging risks associated with UC and VC soft client accessories; and - Prohibiting the use of non-approved applications and hardware. For users in areas where classified information may be present or discussed, ensure the user agreement also addresses: - Use of push-to-talk (PTT) and push-to-see (PTS) features; - Use of classified speakerphones or videophones that may be overheard or overseen; - Precautions for unclassified endpoint use to prevent hearing or seeing sensitive or classified information; - Positioning of Voice Video endpoint displays; and - Additional FES considerations.

Pro Tips

Powered by sagemincer