Title

The Voice Video Endpoint processing classified calls must be properly marked with the highest security level of the information being processed. (Cat II impact)

Discussion

Without the association of security attributes to information, there is no basis for the network element to make security related access-control and flow-control decisions. Security attributes includes marking data as classified or FOUO. These security attributes may be assigned manually or during data processing but either way, it is imperative these assignments are maintained while the data is in process. If the security attributes are lost when the data is being processed, there is the risk of a data compromise. All hardware Voice Video endpoints processing classified calls, including phones and terminals, must be properly marked with the highest class-mark of the system. (Formerly DRSN 1098).

Check Content

If the Voice Video Endpoint is a soft client, this is Not Applicable. If the Voice Video Endpoint does not process classified calls, this is Not Applicable. Verify the Voice Video Endpoint processing classified calls is properly marked with the highest security level of the information being processed. If the Voice Video Endpoint processing classified calls is not properly marked with the highest security level of the information being processed, this is a finding.

Fix Text

Properly mark the Voice Video Endpoint processing classified calls with the highest security level of the information being processed.

Additional Identifiers

Rule ID: SV-206770r604140_rule

Vulnerability ID: V-206770

Group Title: SRG-NET-000311

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.