Title

The Enterprise Voice, Video, and Messaging Endpoint must be configured to register with an Enterprise Voice, Video, and Messaging Session Manager. (Cat I impact)

Discussion

For most VoIP systems, registration is the process of centrally recording the user ID, endpoint MAC address, service/policy profile with two-stage authentication prior to authorizing the establishment of the session and user service. The event of successful registration creates the session record immediately. VC systems register using a similar process with a gatekeeper. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check Content

Verify the Enterprise Voice, Video, and Messaging Endpoint registers with an Enterprise Voice, Video, and Messaging Session Manager. If the Enterprise Voice, Video, and Messaging Endpoint does not register with an Enterprise Voice, Video, and Messaging Session Manager, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Endpoint to register with an Enterprise Voice, Video, and Messaging Session Manager.

Additional Identifiers

Rule ID: SV-259942r956070_rule

Vulnerability ID: V-259942

Group Title: SRG-NET-000015

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.