An error occurred:

Check: RTS-VTC 3640.00

Video Services Policy STIG: RTS-VTC 3640.00 (in versions v1 r12 through v1 r8)

Title

A VTC management system or endpoint must have risk approval and acceptance in writing by the responsible Authorizing Official (AO). (Cat II impact)

Discussion

The risk of operating any DoD system or application must be assessed, defined, and formally accepted before use. The person responsible for the enclave’s network and system’s or application’s accreditation is the AO. The AO must approve changes to an existing system or the implementation of a new system having an affect the IA posture and accreditation of a system. The IA issues surrounding the use of VTC endpoints warrant AO approval. The AO must be made aware of the issues and vulnerabilities presented to the network, the area, and information processed as well as the mitigations for same. The AO approval for the addition of IP based VTC endpoints or VTC infrastructure devices (MCUs, gatekeepers, gateways etc.) to the base network or organization’s intranet. This is not intended to require separate approval for each individual endpoint in a multi-endpoint system. However, if the system is a single endpoint, it may require an individual approval.

Check Content

Review site documentation to confirm the VTC management system and endpoint have risk approval and acceptance in writing by the responsible AO. Inspect documentation to ensure that if VTC and VTU endpoints are in use, they have been approved by the responsible AO in writing. This documentation should reference the risk assessment performed with the AO’s acknowledgement of a full understanding of any risk, vulnerabilities, and mitigations surrounding the VTC implementation. If the VTC management system and endpoint do not have risk approval and acceptance in writing by the responsible AO, this is a finding.

Fix Text

Implement site documentation containing the VTC management system and endpoint risk approval and acceptance in writing by the responsible AO.

Additional Identifiers

Rule ID: SV-18883r3_rule

Vulnerability ID: V-17709

Group Title: RTS-VTC 3640

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check