
Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide

Version: V1R3
Release Date: Oct 1, 2025
SCAP Benchmark ID: EVVM_Endpoint_SRG
Total Checks: 47
Tags: other
CAT I: 8, CAT II: 39, CAT III: 0

This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (47)

  • V-259940 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must not be configured with any vendor default accounts, PINs, or passwords to access configuration settings.
  • V-259941 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to prevent the configuration or display of configuration settings without the use of a PIN or password.
  • V-259942 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured to register with an Enterprise Voice, Video, and Messaging Session Manager.
  • V-259943 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint PC port must be configured to maintain VLAN separation from the voice video VLAN, or be disabled.
  • V-259944 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to integrate into the implemented 802.1x network access control system.
  • V-259945 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint PC port must be configured to connect to an 802.1x supplicant or the PC port must be disabled.
  • V-259946 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint not supporting 802.1x must be configured to use MAC Authentication Bypass (MAB) on the access switchport.
  • V-259947 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to use a voice video VLAN, separate from all other VLANs.
  • V-259948 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to disable the Far End Camera Control feature if supported.
  • V-259949 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to apply 802.1Q VLAN tags to signaling and media traffic.
  • V-259950 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the network.
  • V-259951 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
  • V-259952 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must notify the user, upon successful logon (access) to the network element, of the date and time of the last logon (access).
  • V-259953 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access).
  • V-259954 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to limit the number of concurrent sessions to an organizationally defined number.
  • V-259955 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing what type of connection occurred.
  • V-259956 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing when (date and time) the connection occurred.
  • V-259957 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing where the connection occurred.
  • V-259958 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the source of the connection.
  • V-259959 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the outcome of the connection.
  • V-259960 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the identity of all users.
  • V-259961 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to provide session (call detail) record generation capability.
  • V-259962 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to disable or remove nonessential capabilities.
  • V-259963 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured to only use ports, protocols, and services allowed per the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and Vulnerability Assessments (VAs).
  • V-259964 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured to uniquely identify participating users.
  • V-259965 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must use multifactor authentication for network access to nonprivileged (nonadmin) accounts.
  • V-259966 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to implement replay-resistant authentication mechanisms for network access.
  • V-259967 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured to terminate all network connections associated with a communications session at the end of the session.
  • V-259968 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to use FIPS-validated SHA-2 or higher to protect the authenticity of communications sessions.
  • V-259969 (MEDIUM): In the event of a device failure, Enterprise Voice, Video, and Messaging Endpoints must preserve any information necessary to determine cause of failure and return to operations with least disruption to service.
  • V-259970 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must offload audit records onto a different system or media than the system being audited.
  • V-259971 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network.
  • V-259972 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must provide an explicit indication of current participants in all Videoconference (VC)-based and IP-based online meetings and conferences.
  • V-259973 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured to use FIPS-compliant algorithms for network traffic.
  • V-259974 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint, when using passwords or PINs for authentication or authorization, must be configured to cryptographically protect the PIN or password.
  • V-259975 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must generate audit records when successful/unsuccessful logon attempts occur.
  • V-259976 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must generate audit records for privileged activities or other system-level access.
  • V-259977 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must generate audit records showing starting and ending time for user access to the system.
  • V-259978 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must, at a minimum, offload interconnected systems in real-time and offload standalone systems weekly.
  • V-259979 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
  • V-259980 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must be configured with a firmware release supported by the vendor.
  • V-259981 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to dynamically implement configuration file changes.
  • V-259982 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must be configured to disable any auto answer features.
  • V-259983 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must provide a logout capability for user-initiated communications sessions.
  • V-259984 (MEDIUM): The Enterprise Voice, Video, and Messaging Endpoint must display an explicit logout message to users indicating the reliable termination of communications sessions.
  • V-259985 (MEDIUM): For accounts using password or PINs for authentication, the Enterprise Voice, Video, and Messaging Endpoint must store only cryptographic representations of passwords.
  • V-259986 (HIGH): The Enterprise Voice, Video, and Messaging Endpoint must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0.