Title

The Voice Video Endpoint must prevent the user from installing third-party software. (Cat II impact)

Discussion

Unauthorized third-party software is challenging the security posture of DoD. Most established vendors have developed patch management process that prevents risk, resulting in an estimated 80 percent of threats arise from third-party software. Preventing users from installing third-party software limits organizational exposure. Additionally, preventing installation of untrusted software further reduces risk to the network.

Check Content

Verify the Voice Video Endpoint prevents the user from installing third-party software. If the Voice Video Endpoint does not prevent the user from installing third-party software, this is a finding.

Fix Text

Configure the Voice Video Endpoint to prevent the user from installing third-party software.

Additional Identifiers

Rule ID: SV-206803r604140_rule

Vulnerability ID: V-206803

Group Title: SRG-NET-000512

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.