Rule ID
SV-259907r1173933_rule
Version
V1R4
CCIs
CCI-003963
The AO responsible for the implementation of a voice system that uses UC soft clients for its endpoints must be made aware of the risks and benefits. In addition, the commander of an organization whose mission depends on such a telephone system must also be made aware and provide approval. When UC soft clients are fielded as the primary endpoint, the risk of unavailability is high compared to dedicated instruments. Another major difficulty for UC soft clients deployed on laptops is providing accurate location information for emergency services. When emergency services are called from the laptop, if it is not at the location entered in the Automated Location Identification (ALI) database, emergency services may be dispatched to the wrong place.
Verify the Command and AO approves the implementation or transition to UC soft clients as the primary endpoints in writing. Verify the ISSO maintains approval documentation for inspection by IA reviewers or auditors. Review the written Command and AO approval for the implementation of a telephone system that primarily uses UC soft client applications for its endpoints. If no written Command and AO approval exists for UC soft client endpoints, this is a finding.
Obtain the Command and AO approval for the implementation or transition to UC soft clients as the primary endpoints in writing. Approval documentation must be maintained by the ISSO for future inspection by IA reviewers or auditors. If Command and AO written approval is not available, hardware endpoints must be used as the primary endpoints. NOTE: This requirement is in addition to AO approval for deploying UC soft clients on DOD networks. When UC soft clients are deployed as the primary endpoint, additional risks to availability exist.