Title

The Voice Video Endpoint must block both inbound and outbound communications traffic between Unified Capability (UC) and Videoconferencing (VC) clients independently configured by end users and external service providers for voice and video. (Cat II impact)

Discussion

Various communication services such as public VoIP and Instant Messaging services route traffic over their own networks and are stored on their own servers; therefore, that traffic can be accessed at any time by the provider and potentially intercepted. Communication clients independently configured by end users and external service providers include, for example, instant messaging clients. Traffic blocking does not apply to communication clients that are configured by organizations to perform authorized functions.

Check Content

If UC and VC clients cannot be independently configured by either end users or external service providers, this is Not Applicable. Verify the Voice Video Endpoint blocks both inbound and outbound communications traffic between UC and VC clients independently configured by end users and external service providers for voice and video. If the Voice Video Endpoint does not block both inbound and outbound communications traffic between UC and VC clients independently configured by end users and external service providers, this is a finding.

Fix Text

Configure the Voice Video Endpoint to block both inbound and outbound communications traffic between UC and VC clients independently configured by end users and external service providers.

Additional Identifiers

Rule ID: SV-206777r604140_rule

Vulnerability ID: V-206777

Group Title: SRG-NET-000366

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.