Title

The Unified Communications Endpoint must be configured to produce session (call detail) records containing the identity of all users. (Cat II impact)

Discussion

Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Audit records are commonly produced by session management and border elements. Many Unified Communications Endpoints are not capable of providing audit records and instead rely on session management and border elements. Unified Communications Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Unified Communications Endpoints that communicate beyond these defined environments must generate audit records.

Check Content

Verify the Unified Communications Endpoint produces session records containing the identity of all users on the call. If the Unified Communications Endpoint does not produce session records containing the identity of all users on the call, this is a finding.

Fix Text

Configure the Unified Communications Endpoint to produce session records containing the identity of all users on the call.

Additional Identifiers

Rule ID: SRG-NET-000079-VVEP-00026_rule

Vulnerability ID: SRG-NET-000079-VVEP-00026

Group Title: SRG-NET-000079-VVEP-00026

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.