Title

The Voice Video Endpoint used for videoconferencing must use multifactor authentication for network access. (Cat II impact)

Discussion

To assure accountability and prevent unauthenticated access, users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) Something you know (e.g., password/PIN); (ii) Something you have (e.g., cryptographic identification device, token); or (iii) Something you are (e.g., biometric). Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection. The DoD CAC with DoD-approved PKI is an example of multifactor authentication. This does not apply to authentication for the purpose of configuring the device itself (i.e., device management).

Check Content

If the Voice Video Endpoint is a hardware endpoint, this check procedure is Not Applicable. Verify the Voice Video Endpoint used for videoconferencing uses multifactor authentication for network access. If the Voice Video Endpoint used for videoconferencing does not use multifactor authentication for network access, this is a finding.

Fix Text

Configure the Voice Video Endpoint used for videoconferencing to use multifactor authentication for network access.

Additional Identifiers

Rule ID: SV-206762r604140_rule

Vulnerability ID: V-206762

Group Title: SRG-NET-000140

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.