An error occurred:

Check: SRG-NET-000321-VVSM-00007

Voice Video Session Management SRG: SRG-NET-000321-VVSM-00007 (in versions v2 r2 through v1 r5)

Title

The Voice Video Session Manager must immediately enforce changes to privileges of Voice Video endpoint user access. (Cat II impact)

Discussion

Without the enforcement of immediate change to privilege levels, users and devices may not provide the correct level of service. Privileges include access to outside connections, precedence, and preemption capabilities. A user with higher precedence and preemption capability may supplant users authorized higher levels of access. Endpoint users must be limited to the privileges needed to conduct business and changes to privileges must be enforced immediately. Access authorizations should be dynamic to reflect changing conditions; if a revocation is not enforced in a timely manner, users may have inappropriate access. Revocation of access rules may differ based on the types of access revoked. For example, if a subject (i.e., user or process) is removed from a group, access may not be revoked until the next time the object (e.g., file) is opened or until the next time the subject attempts a new access to the object. Revocation based on changes to security labels may take effect immediately. It may be necessary to immediately revoke access in certain circumstances (i.e., a compromised account is being used). This may be mitigated by implementing SRG-NET-000321-VVSM-00008.

Check Content

Verify the Voice Video Session Manager immediately enforces change to privileges of Voice Video endpoint user access. Privileges include access to outside connections, precedence, and preemption capabilities. If the Voice Video Session Manager does not immediately enforce changes to privileges of Voice Video endpoint user access, this is a finding.

Fix Text

Configure the Voice Video Session Manager to immediately enforce changes to privileges of Voice Video endpoint user access.

Additional Identifiers

Rule ID: SV-206839r508661_rule

Vulnerability ID: V-206839

Group Title: SRG-NET-000321

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.
CCI-002178

The information system enforces the revocation of access authorizations resulting from changes to the security attributes of subjects based on organization-defined rules governing the timing of revocations of access authorizations.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3 (8)

Revocation Of Access Authorizations
CM-6

Configuration Settings