Title

The Unified Communications Session Manager must produce session (call) records for events determined to be significant and relevant by local policy. (Cat II impact)

Discussion

Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are generated from several components within the Voice Video system (e.g., session manager, session border control, gateway, gatekeeper, or endpoints). Session record content that may be necessary to satisfy this requirement includes, for example, type of connection, connection origination, time stamps, outcome, user identities, and user identifiers. Additionally, an adversary must not be able to modify or delete session records.

Check Content

Verify the Unified Communications Session Manager produces session records for events determined to be significant and relevant by local policy. If the Unified Communications Session Manager does not produce session records for events determined to be significant and relevant by local policy, this is a finding.

Fix Text

Configure the Unified Communications Session Manager to produce session records for events determined to be significant and relevant by local policy.

Additional Identifiers

Rule ID: SRG-NET-000113-VVSM-00101_rule

Vulnerability ID: SRG-NET-000113-VVSM-00101

Group Title: SRG-NET-000113-VVSM-00101

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.