Check: SRG-NET-000131-VVSM-00048
Voice Video Session Management SRG:
SRG-NET-000131-VVSM-00048
(in versions v2 r2 through v1 r5)
Title
The Voice Video Session Manager must be configured to disable non-essential capabilities. (Cat II impact)
Discussion
It is detrimental for voice video session managers to provide, or enable by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors. Voice video session managers are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).
Check Content
Verify the Voice Video Session Manager is configured to disable non-essential capabilities. If the Voice Video Session Manager is not configured to disable non-essential capabilities, this is a finding.
Fix Text
Configure the Voice Video Session Manager to be configured to disable non-essential capabilities.
Additional Identifiers
Rule ID: SV-206826r508661_rule
Vulnerability ID: V-206826
Group Title: SRG-NET-000131
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |