Title

The Enterprise Voice, Video, and Messaging Endpoint must generate audit records for privileged activities or other system-level access. (Cat II impact)

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records are commonly produced by session management and border elements. Many Enterprise Voice, Video, and Messaging Endpoints are not capable of providing audit records and instead rely on session management and border elements. Enterprise Voice, Video, and Messaging Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Enterprise Voice, Video, and Messaging Endpoints that communicate beyond these defined environments must generate audit records.

Check Content

Verify the Enterprise Voice, Video, and Messaging Endpoint generates audit records for privileged activities or other system-level access. If the Enterprise Voice, Video, and Messaging Endpoint does not generate audit records for privileged activities or other system-level access, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Endpoint to generate audit records for privileged activities or other system-level access.

Additional Identifiers

Rule ID: SV-259976r948895_rule

Vulnerability ID: V-259976

Group Title: SRG-NET-000504

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.