Navigate

Check: SRG-NET-000512-VVSM-00054

Voice Video Session Management SRG: SRG-NET-000512-VVSM-00054 (in versions v2 r2 through v1 r5)

Title

The Voice Video Session Manager must be configured to obfuscate passwords within configuration files. (Cat II impact)

Discussion

Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Voice Video Session Managers must enforce password encryption when storing passwords within configuration files.

Check Content

Verify the Voice Video Session Manager is configured to obfuscate passwords within configuration files. If the Voice Video Session Manager is not configured to obfuscate passwords within configuration files, this is a finding.

Fix Text

Configure the Voice Video Session Manager to obfuscate passwords within configuration files.

Additional Identifiers

Rule ID: SV-206859r508661_rule

Vulnerability ID: V-206859

Group Title: SRG-NET-000512

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings