Title

The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the users and identifiers associated with the session. (Cat II impact)

Discussion

Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are generated from several components within the Voice Video system (e.g., session manager, session border control, gateway, gatekeeper, or endpoints). Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager produces session records containing the identity of the users and identifiers associated with the session. The identity of the users and identifiers of the call in this context would be the user ID or user name. For Enterprise Voice, Video, and Messaging Session Managers that have the concept of a device rather than users and identifiers, this requirement is not applicable. If the Enterprise Voice, Video, and Messaging Session Manager does not produce session records containing the identity of the users and identifiers associated with the session, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to produce session records containing the identity of the users and identifiers associated with the session.

Additional Identifiers

Rule ID: SV-260001r948964_rule

Vulnerability ID: V-260001

Group Title: SRG-NET-000079

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.