Enterprise Voice, Video, and Messaging Policy Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-VOIP-000180
<GroupDescription></GroupDescription>Group -
The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be Common Criteria certified.
<VulnDiscussion>Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security p...Rule Medium Severity -
SRG-VOIP-000190
<GroupDescription></GroupDescription>Group -
The A/B, A/B/C, or A/B/C/D switch used for network switching in IP-based VTC systems implementing a single CODEC that supports conferences on multiple networks with different classification levels must be TEMPEST certified.
<VulnDiscussion>Committee on National Security Systems Advisory Memorandum (CNSSAM) TEMPEST/01-13, RED/BLACK Installation Guidance, provides ...Rule Low Severity -
SRG-VOIP-000200
<GroupDescription></GroupDescription>Group -
An IP-based VTC system implementing a single set of input/output devices (cameras, microphones, speakers, control system), an A/V switcher, and multiple CODECs connected to multiple IP networks with different classification levels must provide automatic mutually exclusive power control for the CODECs or their network connections so only one CODEC is powered on or one CODEC is connected to any network at any given time.
<VulnDiscussion>If a VTC system is implemented using multiple CODECs, each connected to a network with a different classification level, alon...Rule Medium Severity -
SRG-VOIP-000210
<GroupDescription></GroupDescription>Group -
The implementation of an IP-based VTC system that supports conferences on multiple networks with different classification levels must maintain isolation between the networks to which it connects by implementing separation of equipment and cabling between the various networks with differing classification levels in accordance with CNSSAM TEMPEST/01-13, RED/BLACK Installation Guidance.
<VulnDiscussion>Information leakage is the intentional or unintentional release of information to an untrusted environment from electromagnet...Rule Medium Severity -
SRG-VOIP-000220
<GroupDescription></GroupDescription>Group -
Video conferencing, Unified Capability (UC) soft client, and speakerphone speaker operations policy must prevent disclosure of sensitive or classified information over nonsecure systems.
<VulnDiscussion>Speakers used with Voice Video systems and devices may be heard by people and microphones with no relationship to the confere...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.