Title

The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the identity of all users. (Cat II impact)

Discussion

Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Audit records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing audit records and instead rely on session management and border elements. Enterprise Voice, Video, and Messaging Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Enterprise Voice, Video, and Messaging Endpoints that communicate beyond these defined environments must generate audit records.

Check Content

Verify the Enterprise Voice, Video, and Messaging Endpoint produces session records containing the identity of all users on the call. If the Enterprise Voice, Video, and Messaging Endpoint does not produce session records containing the identity of all users on the call, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Endpoint to produce session records containing the identity of all users on the call.

Additional Identifiers

Rule ID: SV-259960r948847_rule

Vulnerability ID: V-259960

Group Title: SRG-NET-000079

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.