The Video Conferencing (VC) system implementing a single CODEC supporting conferences on multiple networks having different classification levels must sanitize non-volatile memory while transitioning between networks by overwriting all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000166_rule

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.

In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services, and any other specific protection needs.

A factory reset is the software restore of an electronic device to its original system state by erasing all of the information stored on the device to restore the device to its original factory or unconfigured settings. This erases all data, settings, and applications that were previously on the device. Factory reset may be used as part of the sanitization process.

Check content

If the Voice Video system does not implement a single CODEC supporting conferences on multiple networks having different classification levels, this is not applicable.

Review the Voice Video SSP for the system. Confirm the VC system has an automated configuration management system configured to sanitize and reconfigure the CODEC when transitioning between networks. For a unit not implementing an automated process, review documentation to determine whether a manual procedure is specified and implemented when transitioning between networks; this will result in a CAT III finding if these conditions are met and a CAT II finding if they are not.

If the VC system has an automated configuration management system configured to sanitize and reconfigure the CODEC when transitioning between networks, this is not a finding.

If an automatic capability exists but is not being implemented or an automated configuration management system is not being used, this is a CAT II finding.

If a manual procedure is used to perform a factory reset and/or overwrite all configurable parameters with null settings before reconfiguring the CODEC for connection to the next network, this is a CAT III finding.

If the unit is not being sanitized when transitioning between networks, this is a CAT II finding.

Fix text

Obtain a VC system that has an automated sanitization capability. Implement and document a procedure, and any configurations, in the Voice Video SSP that uses this capability to sanitize the CODEC when transitioning between networks. As a last resort, implement and document a manual sanitization/reconfiguration procedure to perform this function. Document the solution in the Voice Video SSP for this system.
