Title

VTU encryption indicator is not enabled. (Cat II impact)

Discussion

In support of the need for encryption and the need for the VTU user to be aware that in fact his/her conference session is being encrypted, the VTU must display an indicator that encryption is indeed occurring.

Check Content

[IP][ISDN]; Interview the IAO to validate compliance with the following requirement: Ensure all VTU’s under IAO’s control display a visual indicator that encryption is in fact taking place. Note: During APL testing, this is a finding in the event this requirement is not supported by the CODEC i.e., an on screen visual indicator displaying that encryption is indeed occurring. Note: In the event encryption is provided by external devices (not the CODEC), an external indicator meets this requirement in place of the on-screen indicator.

Fix Text

[IP][ISDN]; Perform the following tasks: Implement VTU CODECs that provide an on screen indicator that encryption is occurring and active. OR If the encryption is provided by external devices (not the CODEC), implement an external indicator to display encryption status in place of an on-screen indicator provided by the CODEC.

Additional Identifiers

Rule ID: SV-18859r1_rule

Vulnerability ID: V-17685

Group Title: RTS-VTC 1250.00 [IP][ISDN]

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.