Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the outcome (status) of the connection.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
The Enterprise Voice, Video, and Messaging Session Manager must alert the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of a session (call) record system failure.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process session records. Without this notification, the security personnel may be unaware of an impendi...Rule Medium Severity -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized deletion.
If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of s...Rule Medium Severity -
The Enterprise Voice, Video, and Messaging Session Manager must only use ports, protocols, and services allowed per the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and Vulnerability Assessments (VAs).
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...Rule High Severity -
The Enterprise Voice, Video, and Messaging Session Manager must be configured to implement attack-resistant mechanisms for Voice Video Endpoint registration.
Attacks against an Enterprise Voice, Video, and Messaging Session Manager may include denial of service (DoS), replay attacks, or cross-site scripting. A replay attack may enable an unauthorized us...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.