
Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000015

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to prevent the configuration or display of configuration settings without the use of a PIN or password.

    Many Enterprise Voice, Video, and Messaging Endpoints can set or display configuration settings in the instrument itself. Thi...
    Rule Medium Severity
  • SRG-NET-000015

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to register with an Enterprise Voice, Video, and Messaging Session Manager.

    For most VoIP systems, registration is the process of centrally recording the user ID, endpoint MAC address, service/policy p...
    Rule High Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint PC port must be configured to maintain VLAN separation from the voice video VLAN, or be disabled.

    Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and oth...
    Rule Medium Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to integrate into the implemented 802.1x network access control system.

    IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point tha...
    Rule Medium Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint PC port must be configured to connect to an 802.1x supplicant or the PC port must be disabled.

    IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point tha...
    Rule Medium Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint not supporting 802.1x must be configured to use MAC Authentication Bypass (MAB) on the access switchport.

    IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point tha...
    Rule Medium Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to use a voice video VLAN, separate from all other VLANs.

    Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and oth...
    Rule Medium Severity
  • SRG-NET-000018

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to disable the Far End Camera Control feature if supported.

    Many VTC endpoints support Far End Camera Control (FECC). This feature uses H.281 protocol, which must be supported by both V...
    Rule Medium Severity
  • SRG-NET-000029

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access).

    Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number...
    Rule Medium Severity
  • SRG-NET-000053

    Group
  • The Enterprise Voice, Video, and Messaging Endpoint must be configured to apply 802.1Q VLAN tags to signaling and media traffic.

    When Enterprise Voice, Video, and Messaging Endpoints do not dynamically assign 802.1Q VLAN tags as data is created and combi...
    Rule Medium Severity
