Skip to content

Enterprise Voice, Video, and Messaging Policy Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-VOIP-000580

    <GroupDescription></GroupDescription>
    Group
  • The Enterprise Voice, Video, and Messaging Policy must define operations for endpoint microphones regarding the ability to pick up and transmit sensitive information.

    &lt;VulnDiscussion&gt;Microphones used with VTC systems and devices are designed to be extremely sensitive so the voice of anyone speaking anywhere...
    Rule Medium Severity
  • SRG-VOIP-000120

    <GroupDescription></GroupDescription>
    Group
  • A Call Center or Computer Telephony Integration (CTI) system using soft clients must be segregated into a protected enclave and limit traffic traversing the boundary.

    &lt;VulnDiscussion&gt;UC soft clients may be used on a strategic LAN when associated with or part of a CTI application. Traditional computer teleph...
    Rule Medium Severity
  • SRG-VOIP-000300

    <GroupDescription></GroupDescription>
    Group
  • SRG-VOIP-000440

    <GroupDescription></GroupDescription>
    Group
  • SRG-VOIP-000100

    <GroupDescription></GroupDescription>
    Group
  • The Enterprise Voice, Video, and Messaging Policy must define operations for VTC and endpoint cameras regarding the ability to pick up and transmit sensitive information.

    &lt;VulnDiscussion&gt;Users of conference room or office-based VTC systems and PC-based communications applications that employ a camera must not i...
    Rule High Severity
  • SRG-VOIP-000110

    <GroupDescription></GroupDescription>
    Group
  • An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next.

    &lt;VulnDiscussion&gt;All residual data (data unintentionally left behind on computer media) must be cleared before transitioning from one period/n...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules