CMMC Requirement SC.L2-3.13.12 – Collaborative Device Control: Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
- Cloudwards – How to Secure Your Webcam: 3 Ways to Stop Spying
This article describes the ways to secure webcams to prevent spying.
- CMMC Level 2 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- dialpad – 5 Steps for Secure Video Conferencing
This article describes the steps to take to secure video conferencing.
- Federal Trade Commission – How to Secure Your Home Security Cameras
This article describes how to secure and access webcams.
- Rev – Follow These 7 Video Conferencing Security Best Practices
This article describes several video conferencing security best practices.
Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
Further Discussion
Notification that a device is in use can include an indicator light that turns on or a specific text window that appears on screen. If a device does not have the means to alert a user when in use, the organization should provide manual means. Manual means can include, as necessary:
- paper notification on entryways; and
- locking entryways when a collaborative computing device is in use.
This requirement is not intended to include technologies that enable users to share the contents of their computer screens via the internet.