Title

The Unified Communications Endpoint must generate audit records showing starting and ending time for user access to the system. (Cat II impact)

Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records are commonly produced by session management and border elements. Many Unified Communications Endpoints are not capable of providing audit records and instead rely on session management and border elements. Unified Communications Endpoints capable of producing audit records provide supplemental confirmation of monitored events. Unified Communications Endpoints that communicate beyond these defined environments must generate audit records.

Check Content

Verify the Unified Communications Endpoint generates audit records showing starting and ending time for user access to the system. If the Unified Communications Endpoint does not generate audit records showing starting and ending time for user access, this is a finding.

Fix Text

Configure the Unified Communications Endpoint to generate audit records showing starting and ending time for user access to the system.

Additional Identifiers

Rule ID: SRG-NET-000505-VVEP-00010_rule

Vulnerability ID: SRG-NET-000505-VVEP-00010

Group Title: SRG-NET-000505-VVEP-00010

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.