Skip to content

Implementing Unified Capabilities (UC) soft clients as the primary voice endpoint must have authorizing official (AO) approval.

An XCCDF Rule

Description

<VulnDiscussion>The AO responsible for the implementation of a voice system that uses UC soft clients for its endpoints must be made aware of the risks and benefits. In addition, the commander of an organization whose mission depends on such a telephone system must also be made aware and provide approval. When UC soft clients are fielded as the primary endpoint, the risk of unavailability is high compared to dedicated instruments. Another major difficulty for UC soft clients deployed on laptops is providing accurate location information for emergency services. When emergency services are called from the laptop, if it is not at the location entered in the Automated Location Identification (ALI) database, emergency services may be dispatched to the wrong place.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-259907r948751_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Obtain the Command and AO approval for the implementation or transition to UC soft clients as the primary endpoints in writing. 

Approval documentation must be maintained by the ISSO for future inspection by IA reviewers or auditors. If Command and AO written approval is not available, hardware endpoints must be used as the primary endpoints.

NOTE: This requirement is in addition to AO approval for deploying UC soft clients on DOD networks. When UC soft clients are deployed as the primary endpoint, additional risks to availability exist.