CMMC Practice SC.L2-3.13.12 – Collaborative Device Control: Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
Links to Publicly Available Resources
This article describes the ways to secure webcams to prevent spying. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This article describes the steps to take to secure video conferencing. This article describes how to secure and access webcams. This article describes how to secure IP cameras, and methods to controlling access to them. This article describes several video conferencing security best practices.
Discussion [NIST SP 800-171 R2]
Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
Further Discussion
Notification that a device is in use can include an indicator light that turns on or a specific text window that appears on screen. If a device does not have the means to alert a user when in use, the organization should provide manual means. Manual means can include, as necessary:
- paper notification on entryways; and
- locking entryways when a collaborative computing device is in use.
This practice is not intended to include technologies that enable users to share the contents of their computer screens via the internet.