Title

The Voice Video Session Manager must provide an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences (excluding audio-only teleconferences using traditional telephony). (Cat II impact)

Discussion

Providing an explicit indication of current participants in videoconferences helps to prevent unauthorized individuals from participating in collaborative videoconference sessions without the explicit knowledge of other participants. videoconferences allow groups of users to collaborate and exchange information. Without knowing who is in attendance, information could be compromised. For videoconferences with large numbers of people present, the identified participant may be listed as the room rather than by each individual attending. Voice video session managers that provide a videoconference capability must provide a clear indication of who is attending the meeting, thus providing all attendees with the capability to clearly identify users who are in attendance.

Check Content

Verify the Voice Video Session Manager provides an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences. This requirement does not apply to audio-only teleconferences using traditional telephony. If the Voice Video Session Manager does not provide an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences, this is a finding.

Fix Text

Configure the Voice Video Session Manager to provide an explicit indication of current participants in all videoconference-based and IP-based online meetings and conferences, except audio-only teleconferences using traditional telephony.

Additional Identifiers

Rule ID: SV-206848r508661_rule

Vulnerability ID: V-206848

Group Title: SRG-NET-000353

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.