Title

The Unified Communications Endpoint must generate audit records when successful/unsuccessful logon attempts occur. (Cat II impact)

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records are commonly produced by session management and border elements. Many Unified Communications Endpoints are not capable of providing audit records and instead rely on session management and border elements. Unified Communications Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Unified Communications Endpoints that communicate beyond these defined environments must generate audit records.

Check Content

Verify the Unified Communications Endpoint generates audit records when successful/unsuccessful logon attempts occur. If the Unified Communications Endpoint does not generate audit records when successful/unsuccessful logon attempts occur, this is a finding.

Fix Text

Configure the Unified Communications Endpoint to generate audit records when successful/unsuccessful logon attempts occur.

Additional Identifiers

Rule ID: SRG-NET-000503-VVEP-00010_rule

Vulnerability ID: SRG-NET-000503-VVEP-00010

Group Title: SRG-NET-000503-VVEP-00010

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.