← Back to Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

V-260026

CAT II (Medium)

The Enterprise Voice, Video, and Messaging Session Manager must be configured to require Voice Video peers to re-register (reauthenticate) at least every hour.

Rule ID

SV-260026r1173881_rule

STIG

Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

Version

V1R2

CCIs

CCI-002038

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices can access the system. Registration is the process of authorizing endpoints to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager requires Voice Video peers to re-register (reauthenticate) at least every hour.

If the Enterprise Voice, Video, and Messaging Session Manager does not require Voice Video peers to re-register (reauthenticate) at least every hour, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to re-register (reauthenticate) Voice Video peers at least every hour.