The organization must implement a process for conducting Voice Video security training annually.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300650

Associated with: CCI-003005

VVSP-01-000198_rule The organization must implement a process for conducting Voice Video security training annually.

Vulnerability discussion

Organizations must provide oversight for the security testing, training, and monitoring activities conducted organization-wide and ensure that those activities are coordinated. Often organizations coordinate and consolidate the testing activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. For Voice Video systems, much of the risk is mitigated through user education. Users must understand their role in operating Voice Video systems with security in mind. Further, users must be trained that these systems are necessary for communications at multiple classification levels, often within the same environment. A thorough awareness of the mission/business function each system performs is essential. A comprehensive training plan provides a framework for ensuring users are informed all relevant areas.

Check content

Review the organizational Voice Video training plan. Verify that a process has been implemented for ensuring that Voice Video security training is conducted. Training must be conducted for all users of Voice Video systems. The training must include the rules that describe user responsibilities and expected behavior with regard to Voice Video system usage. Specifically, the following areas must be addressed: - Responsibilities and restrictions for using the DISN Voice Precedence service; - Accessing fire and emergency services (FES) and proper reporting of events; - Operation of allowable services; - Restrictions when using unclassified services in classified areas; and - Restrictions when using classified services in areas where unclassified service is provided. If the organization does not conduct Voice Video security training annually and include the above areas of service information, this is a finding.

Fix text

Document the organizational Voice Video training plan, including a process for conducting Voice Video security training annually. Conduct training for all users of Voice Video systems. The training must include the rules that describe user responsibilities and expected behavior with regard to Voice Video system usage. Specifically, the following areas must be addressed: - Responsibilities and restrictions for using the DISN Voice Precedence service; - Accessing fire and emergency services (FES) and proper reporting of events; - Operation of allowable services; - Restrictions when using unclassified services in classified areas; and - Restrictions when using classified services in areas where unclassified service is provided.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer