Check: VVoIP 1715 (GENERAL)
Voice Video Services Policy STIG:
VVoIP 1715 (GENERAL)
(in versions v3 r18 through v3 r15)
Title
A PC communications application is operated with administrative or root level privileges. (Cat II impact)
Discussion
PC voice, video, UC, and collaboration communications applications must not be operated in a manner that can compromise the platform if the application itself becomes compromised. One way to mitigate this possibility is to ensure that the application does not require administrative privileges to operate and that it is not operated with privileges that could be used to compromise the platform, other applications, or the network.
Check Content
Interview the IAO to validate compliance with the following requirement: Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges. Determine if the installed PC voice, video, UC, or collaboration communications application(s) requires and/or is configured to operate with administrative privileges. Inspect a random sampling of PC voice, video, UC, or collaboration communications applications to determine if they are configured to operate with administrative privileges. This is a finding if a PC voice, video, UC, or collaboration communications application requires with administrative privileges to operate or if the application or platform is configured such that the application runs with administrative privileges. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.
Fix Text
Ensure PC voice, video, UC, or collaboration communications applications do not require and/or are not configured to operate with administrative privileges. Configure the application and/or platform to not operate with administrative privileges or un-install it. Even though a user has administrative privileges, the application should not inherit those privileges and should operate without them.
Additional Identifiers
Rule ID: SV-17102r1_rule
Vulnerability ID: V-16114
Group Title: Deficient Config: PC Comm App Operating Privilege
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |