Title

The Voice Video Session Manager must protect the authenticity of communications sessions. (Cat I impact)

Discussion

Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. This requirement focuses on communications protection for the application session rather than for the network packet and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. VC and UC require the use of TLS mutual authentication (two-way/bidirectional) for authenticity.

Check Content

Verify the Voice Video Session Manager protects the authenticity of communications sessions. If the Voice Video Session Manager does not protect the authenticity of communications sessions, this is a finding.

Fix Text

Configure the Voice Video Session Manager to protect the authenticity of communications sessions.

Additional Identifiers

Rule ID: SV-206834r508661_rule

Vulnerability ID: V-206834

Group Title: SRG-NET-000230

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.