Title

The Enterprise Voice, Video, and Messaging Endpoint must provide an explicit indication of current participants in all Videoconference (VC)-based and IP-based online meetings and conferences. (Cat II impact)

Discussion

Providing an explicit indication of current participants in teleconferences helps to prevent unauthorized individuals from participating in collaborative teleconference sessions without the explicit knowledge of other participants. Teleconferences allow groups of users to collaborate and exchange information. Without knowing who is in attendance, information could be compromised. Network elements that provide a teleconference capability must provide a clear indication of who is attending the meeting, thus providing all attendees with the capability to clearly identify users who are in attendance.

Check Content

Verify the Enterprise Voice, Video, and Messaging Endpoint provides an explicit indication of current participants in all VC-based and IP-based online meetings and conferences. This excludes audio-only teleconferences using traditional telephony. If the Enterprise Voice, Video, and Messaging Endpoint does not provide an explicit indication of current participants in all VC-based and IP-based online meetings and conferences, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Endpoint provides an explicit indication of current participants in all VC-based and IP-based online meetings and conferences.

Additional Identifiers

Rule ID: SV-259972r987762_rule

Vulnerability ID: V-259972

Group Title: SRG-NET-000353

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.