← Back to Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

V-260004

CAT II (Medium)

The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized modification.

Rule ID

SV-260004r948973_rule

STIG

Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide

Version

V1R2

CCIs

CCI-000163

Discussion

If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of session records, the information system and/or the application must protect session information from unauthorized modification. This requirement can be achieved through multiple methods, which will depend upon system architecture and design. Some commonly employed methods include ensuring log files receive the proper file system permissions and limiting log data locations.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager protects session records from unauthorized modification.

If the Enterprise Voice, Video, and Messaging Session Manager does not protect session records from unauthorized modification, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to protect session records from unauthorized modification.