Title

Insufficient security clearance held by an “operator/facilitator/administrator” performing remote monitoring activities during a VTC session/conference. (Cat II impact)

Discussion

Administrators or “operators/facilitators” that perform monitoring as discussed in this section must have an appropriate security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Check Content

[IP][ISDN]; Interview the Administrator to validate compliance with the following requirement: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed. Verify with IAO that conference call operator/facilitator has security clearance commensurate with or higher than the classification level of the system and/or the information to which they are exposed.

Fix Text

[IP][ISDN]; Perform the following tasks: Ensure administrators that are required to monitor a conference or conferences possess a security clearance that is the same as or higher than the VTC system and the conference information to which they are exposed.

Additional Identifiers

Rule ID: SV-18855r1_rule

Vulnerability ID: V-17681

Group Title: RTS-VTC 1168.00 [IP][ISDN]

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.