III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-VOIP-000100
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Policy must define operations for VTC and endpoint cameras regarding the ability to pick up and transmit sensitive information.
<VulnDiscussion>Users of conference room or office-based VTC systems and PC-based communications applications that employ a camera must not i...Rule High Severity -
SRG-VOIP-000110
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Policy must define operations for endpoint microphones regarding the ability to pick up and transmit sensitive information.
<VulnDiscussion>Microphones used with VTC systems and devices are designed to be extremely sensitive so the voice of anyone speaking anywhere...Rule Medium Severity -
SRG-VOIP-000120
<GroupDescription></GroupDescription>Group -
An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by being sanitized of all information while transitioning from one period/network to the next.
<VulnDiscussion>All residual data (data unintentionally left behind on computer media) must be cleared before transitioning from one period/n...Rule Medium Severity -
SRG-VOIP-000130
<GroupDescription></GroupDescription>Group -
An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing by connecting the CODEC to one network at a time, matching the classification level of the session to the classification level of the network.
<VulnDiscussion>Connecting to networks of different classifications simultaneously incurs the risk of data from a higher classification being...Rule High Severity -
SRG-VOIP-000140
<GroupDescription></GroupDescription>Group -
An IP-based VTC system implementing a single CODEC that supports conferences on multiple networks with different classification levels (i.e., unclassified, SECRET, TOP SECRET, TS-SCI) must support Periods Processing sanitization by purging/clearing volatile memory within the CODEC by powering the CODEC off for a minimum of 60 seconds.
<VulnDiscussion>Volatile memory requires power to maintain the stored information. It retains its contents while powered, but when power is i...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.