The organization must review Voice Video training plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300653

Associated with: CCI-003008

VVSP-01-000199_rule The organization must review Voice Video training plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Vulnerability discussion

Organizations must provide oversight for the security testing, training, and monitoring activities conducted organization-wide and ensure that those activities are coordinated. Often organizations coordinate and consolidate the testing activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. For Voice Video systems, much of the risk is mitigated through user education. Users must understand their role in operating Voice Video systems with security in mind. Further, users must be trained that these systems are necessary for communications at multiple classification levels, often within the same environment. A thorough awareness of the mission/business function each system performs is essential. A comprehensive training plan provides a framework for ensuring users are informed all relevant areas.

Check content

Review the organizational Voice Video training plan. Verify that it includes a documented history of Voice Video training plan review and evaluates the Voice Video training plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. If the organization does not review Voice Video training plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions, this is a finding.

Fix text

Document the organizational Voice Video training plan history of reviews. The review must evaluate the Voice Video training plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer