An error occurred:

Check: SRG-NET-000322-VVSM-00008

Voice Video Session Management SRG: SRG-NET-000322-VVSM-00008 (in versions v2 r2 through v1 r5)

Title

The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint device access. (Cat II impact)

Discussion

Without the enforcement of immediate change to privilege levels, users and devices may not provide the correct level of service. Privileges include access to outside connections, precedence, and preemption capabilities. A user with higher precedence and preemption capability may supplant users authorized higher levels of access. Endpoints must be limited to the privileges needed to conduct business and changes to privileges must be enforced immediately. Access authorizations should be dynamic to reflect changing conditions; if a revocation is not enforced in a timely manner, users may have inappropriate access. Revocation of access rules may differ based on the types of access revoked. For example, if a subject (i.e., user or process) is removed from a group, access may not be revoked until the next time the object (e.g., file) is opened or until the next time the subject attempts a new access to the object. Revocation based on changes to security labels may take effect immediately. It may be necessary to immediately revoke access in certain circumstances (i.e., a compromised account is being used). This may be mitigated by implementing SRG-NET-000321-VVSM-00007.

Check Content

Verify the Voice Video Session Manager immediately enforces change to privileges of Voice Video endpoint device access. Privileges include access to outside connections, precedence, and preemption capabilities. If the Voice Video Session Manager does not immediately enforce changes to privileges of Voice Video endpoint device access, this is a finding.

Fix Text

Configure the Voice Video Session Manager to immediately enforce changes to privileges of Voice Video endpoint device access.

Additional Identifiers

Rule ID: SV-206840r508661_rule

Vulnerability ID: V-206840

Group Title: SRG-NET-000322

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.
CCI-002179

The information system enforces the revocation of access authorizations resulting from changes to the security attributes of objects based on organization-defined rules governing the timing of revocations of access authorizations.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3 (8)

Revocation Of Access Authorizations
CM-6

Configuration Settings