Check: SRG-NET-000338-VVSM-00006
Voice Video Session Management SRG:
SRG-NET-000338-VVSM-00006
(in versions v2 r2 through v1 r5)
Title
The Voice Video Session Manager must require Voice Video endpoints to re-register at least every three (3) hours. (Cat II impact)
Discussion
Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices can access the system. Registration is the process of authorizing endpoints to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.
Check Content
Verify the Voice Video Session Manager requires Voice Video endpoints to re-register at least every three hours. If the Voice Video Session Manager does not require Voice Video endpoints to re-register or does not enforce re-registration at least every three hours, this is a finding.
Fix Text
Configure the Voice Video Session Manager to re-register Voice Video endpoints at least every three hours.
Additional Identifiers
Rule ID: SV-206844r508661_rule
Vulnerability ID: V-206844
Group Title: SRG-NET-000338
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002039 |
The organization requires devices to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |
Controls
| Number | Title |
|---|---|
| IA-11 |
Re-Authentication |