The Enterprise Voice, Video, and Messaging Session Manager must be configured to generate session (call) records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-260019	SRG-NET-000273	SRG-NET-000273-VVSM-00101	SV-260019r949018_rule	2024-03-11	1

Description
Any Enterprise Voice, Video, and Messaging Session Manager providing too much information in session records risks compromising the data and security of the application and system. The structure and content of session records must be carefully considered by the organization and development team.

ℹ️ Check
Verify the Enterprise Voice, Video, and Messaging Session Manager generates session records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information. If the Enterprise Voice, Video, and Messaging Session Manager does not generate session records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information, this is a finding.

ℹ️ Check

Verify the Enterprise Voice, Video, and Messaging Session Manager generates session records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information. If the Enterprise Voice, Video, and Messaging Session Manager does not generate session records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information, this is a finding.

✔️ Fix
Configure the Enterprise Voice, Video, and Messaging Session Manager to generate session records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information.