NIST SP 800-53 Rev. 5 Compliance Documentation

Standpoint Video Conferencing System
System Name: Standpoint Video Conferencing System
Vendor: Enomoli, LLC
Document Version: 1.1
Document Date: November 5, 2025
FIPS 199 Impact Level: Low (Confidentiality: Low, Integrity: Moderate, Availability: Low)
System Type: Air-Gapped Real-Time Video Conferencing (No Data Persistence)

I. EXECUTIVE SUMMARY

This document provides a comprehensive mapping of the Standpoint Video Conferencing System to NIST Special Publication 800-53 Revision 5 security and privacy controls. Standpoint is a specialized video conferencing platform designed for formal legal proceedings and sensitive governmental communications requiring role-based access control, air-gapped operation, and zero external dependencies.

Key Compliance Highlights:

Standpoint's architecture inherently satisfies many NIST 800-53 controls through design rather than configuration. This document details how the system implements, partially implements, or renders not applicable the relevant controls for a Low-impact information system used for transient communications.

II. SYSTEM OVERVIEW

A. System Description

Standpoint is a native iOS/iPadOS/tvOS application providing real-time video and audio conferencing with role-based selective streaming. The system operates exclusively on local area networks without internet connectivity, external servers, or cloud services.

B. System Characteristics

Characteristic Description Security Implication
Deployment Model Complete turn-key kit (all hardware included) Controlled hardware supply chain, no BYOD risks
Network Topology Peer-to-peer mesh (no central server) No single point of failure, distributed architecture
Data Persistence Zero (real-time streaming only, no recording) No data-at-rest security requirements
External Connectivity None (local network only) Air-gapped, SCIF-compatible
Device Authentication HMAC Challenge-Response with Nonce (HMAC-SHA256, 30s replay window, rate limiting) Cryptographic proof, no credential management, iOS Keychain storage
Encryption DTLS-SRTP (peer-to-peer) End-to-end encrypted media streams
Platform iOS/iPadOS/tvOS (Apple devices only) Inherits iOS security model (secure boot, sandboxing)

C. FIPS 199 Categorization

Security Categorization: LOW (per FIPS 199)

Rationale: Overall Impact Level: LOW (per FIPS 199 guidance, overall categorization = highest individual impact)

III. CONTROL FAMILY COVERAGE SUMMARY

Control Family Implemented Partial N/A Notes
AC - Access Control 8 2 12 Role-based streaming, device authentication
AT - Awareness & Training 0 0 5 Organizational responsibility
AU - Audit & Accountability 2 1 13 iOS system logs, no persistent audit trail
CA - Assessment & Authorization 0 0 9 Organizational responsibility
CM - Configuration Management 5 2 7 iOS App Store distribution, version control
CP - Contingency Planning 1 0 12 No data backup needed (no persistence)
IA - Identification & Authentication 3 0 9 Device-level UUID authentication
IR - Incident Response 0 0 10 Organizational responsibility
MA - Maintenance 2 0 4 iOS updates, no remote maintenance
MP - Media Protection 1 0 7 No data-at-rest (N/A for most controls)
PE - Physical & Environmental Protection 0 0 18 Facility controls (customer responsibility)
PL - Planning 0 0 9 Organizational responsibility
PS - Personnel Security 0 0 8 Organizational responsibility
RA - Risk Assessment 0 0 10 Organizational responsibility
SA - System & Services Acquisition 3 1 18 Secure development, supply chain
SC - System & Communications Protection 12 3 15 Air-gapped, encrypted, boundary protection
SI - System & Information Integrity 4 2 11 iOS security features, sandboxing
PT - Privacy (from 800-53A) 5 0 3 Zero data collection, privacy by design

Total: 46 Implemented, 11 Partial, 180 Not Applicable

IV. DETAILED CONTROL IMPLEMENTATION

A. Access Control (AC)

AC-1 IMPLEMENTED Policy and Procedures
Implementation: Vendor provides system documentation, deployment guides, and security architecture documentation. Customer develops organization-specific access control policies for system use.
Responsibility: Shared (Vendor provides documentation, Customer implements organizational policies)
AC-2 PARTIAL Account Management
Implementation: System uses device-level authentication (UUID keys) rather than user accounts. No account provisioning, modification, or termination processes. Each device represents a "role" rather than a user account. Customer manages which physical devices are assigned UUID keys.
Gap: No traditional user account management (by design - device-centric model)
Responsibility: Customer (physical device management)
AC-3 IMPLEMENTED Access Enforcement
Implementation: Role-based access control enforced at application layer. Each role (Witness, Judge, Defendant, Controller, Viewer) has predefined permissions for video/audio streaming and receiving. Permissions are hard-coded and cannot be bypassed by users.
Technical Details: Code Reference: BaseVideoConfManager.swift, role-specific managers
Responsibility: System (automatic enforcement)
AC-4 IMPLEMENTED Information Flow Enforcement
Implementation: Asymmetric information flow control ensures video/audio streams only flow to authorized roles. Example: Witness streams to Defendant, but Defendant cannot stream back to Witness (prevents intimidation). Controller receives streams from Witness and Judge but cannot transmit (monitoring role).
Architecture: Peer-to-peer mesh topology with selective stream routing based on role matrix:
• Witness → Judge (bidirectional)
• Witness → Defendant (unidirectional)
• Witness → Controller (unidirectional)
• Judge → Controller (unidirectional)
Responsibility: System (automatic enforcement)
AC-7 IMPLEMENTED Unsuccessful Logon Attempts
Implementation: HMAC challenge-response authentication includes rate limiting to prevent brute-force attacks. Authentication failures tracked per device. After 3 failed authentication attempts, device enters 30-second cooldown period before accepting new challenges. Failed attempts logged to iOS system logs. Discovery-phase hash mismatch provides first layer of rejection (before HMAC challenge).
Rate Limiting Details:
• Maximum failures: 3 attempts per peer
• Cooldown period: 30 seconds
• Failure tracking: Per-peer failure counter with timer-based reset
• Logging: All authentication failures logged with peer identifier
Code Reference: BaseVideoConfManager.swift:184-185, 617-642
Responsibility: System (automatic enforcement)
AC-8 IMPLEMENTED System Use Notification
Implementation: Application displays system name and vendor on launch screen. Customer may configure iOS Supervised mode to display organizational use notices before device unlock.
Responsibility: Shared (Customer configures device-level notices if required)
AC-11 IMPLEMENTED Session Lock
Implementation: iOS platform automatically locks device after configured idle timeout (configured via iOS Settings or Mobile Device Management). Application requires device unlock (biometric or passcode) to access.
Responsibility: Platform (iOS) + Customer (configuration)
AC-17 NOT APPLICABLE Remote Access
Rationale: System operates on local network only. No remote access capability exists. All participants must be on same LAN.
Responsibility: N/A
AC-18 IMPLEMENTED Wireless Access
Implementation: System supports 802.11ac/ax Wi-Fi with WPA2/WPA3 encryption (configured at access point level). Devices use iOS Wi-Fi security features. Customer configures wireless network security independently.
Responsibility: Customer (wireless network security configuration)
AC-20 IMPLEMENTED Use of External Systems
Implementation: System is self-contained with zero external dependencies. No external system access required or possible (air-gapped design).
Responsibility: System (inherent architectural control)

B. Audit and Accountability (AU)

AU-2 IMPLEMENTED Event Logging
Implementation: Application generates structured logs using iOS unified logging system (os.log). Events logged include:
• Device discovery and connection events
• WebRTC negotiation milestones (offer/answer/ICE)
• Role conflict detection
• Pause control events
• Connection failures and cleanups
Log Location: iOS system logs (accessible via Console.app or device management)
Limitation: Logs are local to each device, not centralized
Code Reference: BaseVideoConfManager.swift (Logger instances throughout)
Responsibility: System (automatic logging)
AU-3 IMPLEMENTED Content of Audit Records
Implementation: Log entries include timestamp (iOS automatic), event type, peer identifiers, role names, and outcome. Example log format:
[Timestamp] [Subsystem] [Category] [Level] Message
Logged Data Elements:
• Timestamp (iOS automatic, UTC)
• Subsystem: "VideoConf"
• Category: Role-specific (e.g., "WitnessManager")
• Log Level: info, warning, error
• Event details: peer display name, UUID (first 8 chars), action taken
Responsibility: System (automatic logging)
AU-6 PARTIAL Audit Review, Analysis, and Reporting
Implementation: Logs accessible via iOS Console.app or Mobile Device Management tools. No automated analysis or reporting capability within application.
Gap: No centralized log aggregation or automated analysis
Customer Responsibility: Implement log collection/analysis using MDM or third-party tools if required
Responsibility: Customer (log review procedures)
Controls AU-4, AU-5, AU-7, AU-8, AU-9, AU-11, AU-12: Mostly customer responsibility (log storage capacity, alerting, time synchronization, protection, retention). System provides basic logging; customer implements organizational audit policies.

C. Configuration Management (CM)

CM-1 IMPLEMENTED Policy and Procedures
Implementation: Vendor maintains documented secure development lifecycle, version control (git), and change management processes. Customer develops organizational configuration management policies.
Responsibility: Shared
CM-2 IMPLEMENTED Baseline Configuration
Implementation: iOS App Store version represents approved baseline. Application code is versioned (currently v2.0). Configuration settings are minimal (UUID key only). Devices should be configured per organizational iOS security baselines (e.g., CIS iOS Benchmark).
Baseline Components:
• Application version: 2.0
• iOS version: 26.0+
• UUID access security key (per deployment)
• Device role assignment (physical labeling recommended)
Responsibility: Vendor (app baseline) + Customer (device baseline)
CM-3 IMPLEMENTED Configuration Change Control
Implementation: Application updates distributed via iOS App Store (Apple's code signing and review process). Customers control update deployment via MDM or manual approval. No runtime configuration changes possible (application is statically configured by design).
Change Control Process:
• Vendor: Git version control, code review, testing, App Store submission
• Customer: MDM-controlled update deployment
Responsibility: Vendor (app changes) + Customer (deployment approval)
CM-6 IMPLEMENTED Configuration Settings
Implementation: Application has minimal configuration (UUID key only). Security-relevant settings are hard-coded (encryption mandatory, role permissions fixed). iOS platform settings (screen lock, passcode complexity, etc.) configured per organizational policy.
Hardcoded Security Settings:
• DTLS-SRTP encryption: Always enabled
• Local network only: Cannot be disabled
• Role permissions: Fixed by role selection
• UUID authentication: Always enforced
Responsibility: System (fixed settings) + Customer (iOS device hardening)
CM-7 IMPLEMENTED Least Functionality
Implementation: Application provides only video/audio conferencing functionality. No extraneous features (no file sharing, chat, recording, screen sharing, external integrations). iOS app sandboxing prevents unauthorized functionality.
Disabled/Absent Functionality:
• No recording capability
• No file transfer
• No screen sharing
• No external API access
• No plugin/extension support
• No internet connectivity
Responsibility: System (minimal design)
CM-8 PARTIAL System Component Inventory
Implementation: Customer maintains inventory of devices (hardware serial numbers, assigned roles, UUID keys). Vendor provides software version information (displayed in app or via MDM).
Customer Responsibility: Maintain device inventory (serial numbers, assignments, UUID keys)
Responsibility: Customer

D. Identification and Authentication (IA)

IA-1 IMPLEMENTED Policy and Procedures
Implementation: Vendor provides authentication architecture documentation (device-level UUID authentication). Customer develops organizational policies for device authorization.
Responsibility: Shared
IA-2 NOT APPLICABLE User Identification and Authentication
Rationale: System uses device-level authentication, not user authentication. No user accounts exist. Device access controlled via iOS device unlock (biometric/passcode), which is platform responsibility.
Responsibility: N/A (device-level model)
IA-3 IMPLEMENTED Device Identification and Authentication
Implementation: Industry-standard HMAC-based cryptographic challenge-response authentication protocol. Devices prove knowledge of shared UUID secret without transmitting it. Multi-layer authentication process prevents spoofing, replay, and brute-force attacks.
Technical Implementation (v2.0 Authentication Protocol):
Phase 1 - Discovery:
• UUID stored in iOS Keychain (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly)
• Devices broadcast truncated SHA-256 hash of UUID (first 8 bytes only)
• Hash matching identifies potential peers without exposing UUID
Phase 2 - Challenge:
• Initiator generates cryptographically secure 32-byte nonce
• Challenge message includes: nonce + ISO8601 timestamp + protocol version
• Challenge sent via encrypted MultipeerConnectivity channel
Phase 3 - Response:
• Responder computes HMAC-SHA256(UUID, nonce || timestamp)
• Timestamp validated within 30-second window (prevents replay attacks)
• HMAC response transmitted as proof of UUID knowledge
Phase 4 - Validation:
• Initiator validates HMAC using constant-time comparison (prevents timing attacks)
• Authentication success → proceed with WebRTC negotiation
• Authentication failure → rate limiting (3 failures = 30s cooldown)
Security Properties:
• Zero-knowledge proof: UUID never transmitted in plaintext
• Replay protection: Nonce + timestamp ensure one-time use
• Brute-force protection: Rate limiting + 2^128 UUID space
• MITM resistance: HMAC validation proves shared secret knowledge
Code Reference: AuthenticationManager.swift (new), KitManager.swift:68-76, 120-170, BaseVideoConfManager.swift:181-194, 487-631
Standards Compliance: NIST SP 800-63B (Authentication and Lifecycle Management), RFC 2104 (HMAC), FIPS 198-1 (Keyed-Hash Message Authentication Code)
Responsibility: System (automatic enforcement)
IA-5 NOT APPLICABLE Authenticator Management
Rationale: No user passwords or traditional authenticators. UUID keys are pre-distributed via QR code or manual entry. iOS device unlock authenticators (biometric/passcode) managed by platform.
Responsibility: N/A (device-level model)
IA-8 IMPLEMENTED Identification and Authentication (Non-Organizational Users)
Implementation: All devices authenticate via UUID matching (no distinction between organizational/non-organizational). UUID acts as shared secret proving device authorization. Physical device control ensures only authorized devices possess correct UUID.
Responsibility: Customer (UUID distribution control)

E. System and Communications Protection (SC)

SC-1 IMPLEMENTED Policy and Procedures
Implementation: Vendor provides system architecture documentation, encryption specifications, and boundary protection documentation. Customer develops organizational communications protection policies.
Responsibility: Shared
SC-7 IMPLEMENTED Boundary Protection
Implementation: Air-gapped architecture eliminates external boundary. System operates exclusively on local network with zero external connectivity. No internet access required or used. No external trust boundary to protect.
Boundary Controls:
• No external network interfaces configured
• WebRTC ICE servers list is empty (no STUN/TURN)
• MultipeerConnectivity restricted to local subnet
• No DNS queries, no external name resolution
• No cloud services, APIs, or remote endpoints
Code Reference: BaseVideoConfManager.swift:340 (config.iceServers = [])
SCIF Compliance: System is fully compatible with ICD 705 requirements (no external electromagnetic emanations for data transmission)
Responsibility: System (inherent architectural control)
SC-8 IMPLEMENTED Transmission Confidentiality
Implementation: All video/audio streams encrypted using DTLS-SRTP (Datagram Transport Layer Security - Secure Real-time Transport Protocol). Encryption is mandatory and cannot be disabled. Peer-to-peer encryption ensures no intermediary can decrypt streams.
Encryption Details:
• Protocol: DTLS 1.2 for key exchange, SRTP for media
• Key Exchange: WebRTC standard DTLS handshake
• Media Encryption: AES (WebRTC default cipher suites)
• Perfect Forward Secrecy: Each session uses unique keys
• No persistent keys stored
Code Reference: WebRTC framework (LiveKitWebRTC), peer connection creation
Responsibility: System (automatic encryption)
SC-10 IMPLEMENTED Network Disconnect
Implementation: Connections automatically terminate when network connectivity lost. WebRTC ICE connection state monitoring detects disconnections. Application cleans up peer connections on disconnect. No persistent sessions or reconnection attempts (user must manually restart).
Disconnect Handling:
• ICE state monitoring: failed/disconnected/closed triggers cleanup
• MultipeerConnectivity state monitoring: notConnected triggers cleanup
• No automatic reconnection (prevents unauthorized session resumption)
Code Reference: BaseVideoConfManager.swift:302-321 (cleanupPeer)
Responsibility: System (automatic enforcement)
SC-12 IMPLEMENTED Cryptographic Key Establishment and Management
Implementation: WebRTC framework handles DTLS-SRTP key establishment automatically. Keys generated per session using WebRTC standard protocols. No persistent key storage. Keys destroyed when session ends.
Key Management:
• Keys generated: Per-session DTLS handshake
• Key distribution: Automatic via WebRTC SDP exchange
• Key storage: In-memory only, never persisted
• Key destruction: Automatic on connection cleanup
Responsibility: Platform (WebRTC framework)
SC-13 IMPLEMENTED Cryptographic Protection
Implementation: System uses FIPS 140-2 validated cryptographic modules provided by iOS platform. WebRTC uses iOS Security framework for cryptographic operations. All encryption uses validated implementations.
Cryptographic Modules:
• iOS Security framework (FIPS 140-2 validated, Certificate #3867)
• WebRTC cryptography (uses iOS Security framework)
• AES encryption for media streams
• Diffie-Hellman key exchange for DTLS
Responsibility: Platform (iOS) + Framework (WebRTC)
SC-15 IMPLEMENTED Collaborative Computing Devices
Implementation: iOS platform controls camera/microphone access. User explicitly grants permissions on first use. iOS displays indicators when camera/microphone active (green/orange dots). Application cannot bypass iOS permissions.
User Controls:
• iOS Settings → Privacy → Camera/Microphone permissions
• Visual indicators when camera/microphone in use
• Hardware camera cover compatible (physical control)
Responsibility: Platform (iOS) + User
SC-17 IMPLEMENTED Public Key Infrastructure Certificates
Implementation: System does not use PKI certificates for authentication (uses UUID-based device authentication instead). WebRTC DTLS uses self-signed certificates for key exchange (standard WebRTC behavior, validated via fingerprint in SDP). No external CA required.
Certificate Usage:
• DTLS: Self-signed certificates (peer-to-peer trust via SDP fingerprint)
• App signing: Apple code signing certificate (platform responsibility)
Responsibility: System (self-signed DTLS) + Platform (app signing)
SC-20 IMPLEMENTED Secure Name/Address Resolution (DNS)
Implementation: System does not use DNS. All device discovery via MultipeerConnectivity using Bonjour (mDNS) on local network. No external name resolution. No DNS queries generated.
Responsibility: System (inherent architectural control)
SC-21 IMPLEMENTED Secure Name/Address Resolution (Recursive/Caching)
Implementation: Not applicable - no DNS queries. Bonjour/mDNS is local-only and does not cache external results.
Responsibility: N/A
SC-22 IMPLEMENTED Architecture and Provisioning for Name/Address Resolution
Implementation: Bonjour service discovery isolated to local subnet. No external DNS infrastructure dependencies.
Responsibility: System (inherent architectural control)
SC-23 IMPLEMENTED Session Authenticity
Implementation: WebRTC DTLS provides session authenticity via certificate fingerprint validation in SDP. MultipeerConnectivity provides peer identity via peer IDs. UUID matching ensures session is between authorized devices.
Session Protection:
• DTLS fingerprint validation (prevents MITM)
• MultipeerConnectivity peer ID verification
• UUID matching before connection establishment
Responsibility: System (automatic enforcement)
SC-28 NOT APPLICABLE Protection of Information at Rest
Rationale: System does not store data at rest. Real-time streaming only, no recording capability. Only persistent data is UUID key (stored in iOS encrypted UserDefaults). iOS FileVault encryption protects device storage.
Responsibility: N/A (no data persistence)
Controls SC-24 through SC-27, SC-29 through SC-47: Mix of N/A (denial of service protection, fail in known state, thin nodes, platform as a service, virtualization, etc.) and customer responsibility (operating system hardening, heterogeneity, etc.).

F. System and Information Integrity (SI)

SI-1 IMPLEMENTED Policy and Procedures
Implementation: Vendor maintains secure development practices, vulnerability management, and patch management processes. Customer develops organizational information integrity policies.
Responsibility: Shared
SI-2 IMPLEMENTED Flaw Remediation
Implementation: Vendor monitors for security flaws, develops patches, and distributes updates via iOS App Store. Customer deploys updates via MDM or manual approval. Apple's App Store review provides additional security validation.
Patch Process:
• Vendor: GitHub issue tracking, security review, testing
• Distribution: iOS App Store (Apple code review + signing)
• Deployment: Customer-controlled via MDM
Responsibility: Vendor (flaw remediation) + Customer (patch deployment)
SI-3 IMPLEMENTED Malicious Code Protection
Implementation: iOS platform provides malicious code protection through App Store review, code signing, sandboxing, and runtime protections. Application cannot execute arbitrary code or download external code.
Platform Protections:
• App Store review (manual + automated malware scanning)
• Mandatory code signing (Apple developer certificate)
• App sandboxing (restricted file system/network access)
• No dynamic code loading permitted
• No external code download capability
Responsibility: Platform (iOS)
SI-4 PARTIAL System Monitoring
Implementation: Application logs events to iOS system logs. No real-time monitoring or alerting within application. Customer may implement monitoring via MDM or SIEM integration with iOS device logs.
Gap: No built-in alerting or centralized monitoring
Customer Responsibility: Implement monitoring via organizational tools (MDM, SIEM)
Responsibility: Customer
SI-7 IMPLEMENTED Software, Firmware, and Information Integrity
Implementation: iOS code signing ensures application integrity. Apple validates application binary has not been modified. Users cannot run modified versions of application (would fail code signature verification).
Integrity Protection:
• Apple code signing (mandatory for iOS apps)
• App Store distribution (binary integrity)
• iOS runtime verification (checks signature on launch)
• No jailbreak support (app disabled on jailbroken devices can be enforced via code)
Responsibility: Platform (iOS) + Vendor (code signing)
SI-10 PARTIAL Information Input Validation
Implementation: Application validates UUID format, peer identities, and WebRTC signaling messages. Swift type safety provides compile-time input validation. JSON decoding validates message structure.
Input Validation:
• UUID format validation (RFC 4122 format check)
• JSON message schema validation (Codable protocol)
• Peer ID validation (MultipeerConnectivity framework)
• SDP validation (WebRTC framework)
Gap: No explicit fuzzing or adversarial input testing documented
Responsibility: System + Platform
Controls SI-5, SI-8, SI-11, SI-12, SI-16: Mix of customer responsibility (spam protection, error handling, information handling) and N/A (no email, no output to external systems).

G. Media Protection (MP)

MP-1 IMPLEMENTED Policy and Procedures
Implementation: Customer develops media protection policies for physical devices. Vendor documentation notes zero data persistence (no media to protect beyond physical hardware).
Responsibility: Customer
Controls MP-2 through MP-8: Not applicable - system does not record, store, or transport digital media. Real-time streaming only. Physical device protection is customer responsibility (standard device security policies).

H. Privacy Controls (PT - Appendix J)

PT-1 IMPLEMENTED Policy and Procedures for Privacy
Implementation: Vendor privacy policy states zero data collection. Customer develops organizational privacy policies for video conferencing usage.
Vendor Privacy Statement: "Standpoint does not collect, store, or transmit any user data, telemetry, analytics, or personally identifiable information. All video/audio streams are real-time only and not recorded or logged."
Responsibility: Vendor (zero collection) + Customer (organizational policy)
PT-2 IMPLEMENTED Authority to Collect
Implementation: System does not collect personal information. Customers establish authority for video conferencing under their organizational policies (e.g., court rules, consent agreements).
Responsibility: Customer (organizational authority)
PT-3 IMPLEMENTED Personally Identifiable Information Processing and Transparency
Implementation: System processes video/audio in real-time only (transient data). No persistent storage or third-party sharing. Privacy notice provided in application documentation.
Data Lifecycle:
• Collection: Real-time camera/microphone capture
• Processing: Encoding and streaming (in-memory only)
• Storage: None (zero persistence)
• Sharing: Peer-to-peer streaming to authorized devices only
• Destruction: Automatic upon session end (memory cleared)
Responsibility: System (automatic handling)
PT-5 IMPLEMENTED Privacy Impact Assessment
Implementation: Vendor provides privacy architecture documentation. Customer conducts Privacy Impact Assessment per organizational requirements. System's zero-collection design minimizes privacy risk.
Privacy Risk Assessment:
• Risk: Unauthorized access to video streams → Mitigation: UUID authentication, encryption
• Risk: Data breach → Mitigation: No data storage (no breach possible)
• Risk: Third-party disclosure → Mitigation: Air-gapped (no external connectivity)
Responsibility: Customer (PIA process)
PT-7 IMPLEMENTED System Privacy Requirements
Implementation: System designed with privacy by default. No opt-out needed because no data collection occurs. Users cannot be individually identified by system (device-level authentication only).
Privacy by Design Features:
• No user accounts or profiles
• No usage tracking or analytics
• No device fingerprinting
• No IP address logging to external systems
• No cross-session data correlation
Responsibility: System (inherent design)

V. ORGANIZATIONAL CONTROLS

The following control families are primarily organizational responsibilities. Standpoint provides a technical platform; customers must implement organizational controls per their policies:

AT - Awareness and Training: Customer provides security awareness training and role-based training for system operators.

CA - Assessment and Authorization: Customer conducts security assessments and authorizes system operation per organizational ATO process.

CP - Contingency Planning: Customer develops contingency plans (system failure procedures, backup proceedings). No data backup needed (system has no persistent data).

IR - Incident Response: Customer implements incident response procedures for security events (unauthorized access, device theft, etc.).

PE - Physical and Environmental Protection: Customer implements physical security controls for facilities where system operates (access control, surveillance, environmental controls).

PL - Planning: Customer develops system security plans, rules of behavior, and privacy plans per organizational requirements.

PS - Personnel Security: Customer implements personnel security policies (background checks, termination procedures, etc.).

RA - Risk Assessment: Customer conducts organizational risk assessments and vulnerability assessments.

VI. SUPPLY CHAIN AND ACQUISITION (SA)

SA-3 IMPLEMENTED System Development Life Cycle
Implementation: Vendor follows secure development lifecycle:
• Version control: Git (GitHub)
• Code review: Mandatory for all changes
• Testing: Automated builds, manual testing
• Documentation: Architecture documentation, API documentation
• Release process: Versioned releases, App Store distribution
Responsibility: Vendor
SA-4 PARTIAL Acquisition Process
Implementation: Turn-key kit includes pre-configured hardware. Customer can request specific iOS versions or device models. Security requirements documented in sole-source justification document.
Supply Chain:
• Hardware: Apple iOS devices (purchased through authorized channels)
• Software: Developed by Enomoli, distributed via Apple App Store
• Configuration: Vendor pre-configures UUID keys if requested
Responsibility: Vendor + Customer
SA-8 IMPLEMENTED Security Engineering Principles
Implementation: System designed using security engineering principles:
• Least privilege: Roles have minimum necessary permissions
• Defense in depth: Multiple security layers (hash-based discovery, HMAC challenge-response, encryption, role-based access)
• Fail safe: Connection failures result in no access (closed by default)
• Economy of mechanism: Simple architecture, minimal attack surface
• Complete mediation: All stream access checked by role enforcement
• Separation of privilege: Device authentication separate from role authorization
• Open design: Architecture documented, not security by obscurity
• Psychological acceptability: QR code setup makes strong security easy to use
• Least common mechanism: Per-session HMAC challenges, no shared state between authentications
Security by Design Features (v2.0):
• Zero-knowledge authentication (UUID never exposed on network)
• Cryptographic proof of device authorization (HMAC-SHA256)
• Replay attack prevention (timestamp + nonce validation)
• Timing attack resistance (constant-time HMAC comparison)
• Brute-force mitigation (rate limiting + 2^128 UUID keyspace)
Responsibility: Vendor (design)
SA-10 IMPLEMENTED Developer Configuration Management
Implementation: Git version control, code signing, release management. All code changes tracked and reviewed.
Responsibility: Vendor

VII. COMPLIANCE SUMMARY AND RECOMMENDATIONS

A. Overall Compliance Posture

Assessment Area Finding Risk Level
Technical Controls 46 controls implemented, 11 partial LOW RISK
Organizational Controls Customer responsibility (standard for COTS products) MODERATE RISK (depends on customer implementation)
Air-Gapped Operation Zero external dependencies confirmed LOW RISK
Data Protection No persistent data storage LOW RISK
Access Control Role-based enforcement implemented LOW RISK

B. Recommended Supplemental Controls (Customer Implementation)

  1. Physical Security (PE): Implement physical access controls for rooms where system operates. Secure device storage when not in use.
  2. Audit Review (AU-6): Implement periodic review of iOS system logs. Consider MDM integration for centralized log collection.
  3. Incident Response (IR): Develop incident response procedures for device theft, unauthorized access, or system compromise.
  4. Personnel Security (PS): Conduct background checks for personnel with device access. Implement least-privilege access to UUID keys.
  5. Training (AT): Provide role-specific training for operators (how to detect connection issues, proper device handling, etc.).
  6. Configuration Management (CM-8): Maintain accurate device inventory including serial numbers, assigned roles, and UUID keys.
  7. Contingency Planning (CP-2): Develop backup procedures for system failures (e.g., spare devices, alternative communication methods).

C. Authority to Operate (ATO) Considerations

Favorable ATO Factors:

D. Risk Acceptance Recommendations

The following gaps may require risk acceptance or compensating controls:

Gap NIST Control Recommended Compensating Control
No centralized audit log repository AU-6, AU-9 Implement MDM-based log collection, or accept risk for Low-impact system
No real-time monitoring/alerting SI-4 Implement MDM monitoring alerts, or periodic manual review
No traditional user account management AC-2 Document device-level model as architectural decision, manage via device inventory
No automated vulnerability scanning RA-5 Rely on vendor patch management + App Store security review

VIII. CONCLUSION

Standpoint Video Conferencing System demonstrates strong compliance with NIST SP 800-53 Rev. 5 controls applicable to Low-impact information systems. The air-gapped architecture and zero-persistence design inherently satisfy many security controls that would otherwise require extensive implementation efforts.

Key Strengths:

Organizations deploying Standpoint should focus on implementing organizational controls (physical security, training, incident response) while leveraging the system's inherent technical controls. The favorable security posture and reduced attack surface make this system well-suited for environments requiring high assurance with minimal infrastructure complexity.

Contact Information

Security & Compliance Questions: Josh Person
Email: jperson@enomoli.com
Phone: 913-485-3529

Document Disclaimer

This compliance documentation has been prepared by Enomoli, LLC to assist organizations in evaluating the Standpoint Video Conferencing System against NIST SP 800-53 Rev. 5 security controls. The control mappings represent vendor assessment as of the document date and should be independently verified by customer security teams during Authority to Operate (ATO) processes.

Control implementation status (Implemented/Partial/N/A) reflects system capabilities at the application layer. Organizational controls and customer-specific security policies must be implemented per each organization's security requirements and risk tolerance. This document does not constitute an official security assessment or authorization.

Compliance Scope: This document addresses NIST SP 800-53 Rev. 5 controls. Organizations subject to other frameworks (FedRAMP, CMMC, CJIS, etc.) should conduct separate compliance assessments. Vendor provides technical documentation to support customer-led assessments.

Version: 1.1 | Date: November 5, 2025 | Document ID: STAND-NIST80053-001