Check: SRG-NET-000353-VVEP-00042
Voice Video Endpoint SRG:
SRG-NET-000353-VVEP-00042
(in versions v2 r2 through v1 r4)
Title
The Voice Video Endpoint must provide an explicit indication of current participants in all Videoconference (VC)-based and IP-based online meetings and conferences. (Cat II impact)
Discussion
Providing an explicit indication of current participants in teleconferences helps to prevent unauthorized individuals from participating in collaborative teleconference sessions without the explicit knowledge of other participants. Teleconferences allow groups of users to collaborate and exchange information. Without knowing who is in attendance, information could be compromised. This requirement excludes audio-only teleconferences using traditional telephony. Network elements that provide a teleconference capability must provide a clear indication of who is attending the meeting, thus providing all attendees with the capability to clearly identify users who are in attendance.
Check Content
Verify the Voice Video Endpoint provides an explicit indication of current participants in all VC-based and IP-based online meetings and conferences. This excludes audio-only teleconferences using traditional telephony. If the Voice Video Endpoint does not provide an explicit indication of current participants in all VC-based and IP-based online meetings and conferences, this is a finding.
Fix Text
Configure the Voice Video Endpoint provides an explicit indication of current participants in all VC-based and IP-based online meetings and conferences.
Additional Identifiers
Rule ID: SV-206776r604140_rule
Vulnerability ID: V-206776
Group Title: SRG-NET-000353
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-002453 |
The information system provides an explicit indication of current participants in organization-defined online meetings and teleconferences. |