Title

The Unified Capabilities (UC) soft client Certification and Accreditation (CA) documentation must be included in the CA documentation for the supporting VVoIP system. (Cat II impact)

Discussion

Communications applications must be tested and subsequently certified and accredited for IA purposes. This includes the applications and any upgrades or patches. Since a UC soft client is typically supported by a larger VVoIP communications system, the security of the application will affect the security of the overall system. Therefore the C&A documentation for the UC soft client must be included in the C&A documentation for the overall VVoIP system. Subsequently the VVoIP system’s C&A documentation must be included in the C&A documentation for the LAN or enclave.

Check Content

Review the site documentation and confirm the UC soft client C&A documentation is included in the C&A documentation for the supporting VVoIP system. If the UC soft client C&A documentation is not included in the C&A documentation for the supporting VVoIP system, this is a finding.

Fix Text

Include the UC soft client C&A documentation in the C&A documentation for the supporting VVoIP system and update the Approval To Operate (ATO) with the UC soft client application.

Additional Identifiers

Rule ID: SV-17094r2_rule

Vulnerability ID: V-16106

Group Title: VVoIP 1105

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.