CMMC Requirement SC.L2-3.13.12 – Collaborative Device Control: Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
This article describes the ways to secure webcams to prevent spying. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This article describes the steps to take to secure video conferencing. This article describes how to secure and access webcams. This article describes how to secure IP cameras, and methods to controlling access to them. This article describes several video conferencing security best practices.
Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
Further Discussion
Notification that a device is in use can include an indicator light that turns on or a specific text window that appears on screen. If a device does not have the means to alert a user when in use, the organization should provide manual means. Manual means can include, as necessary:
- paper notification on entryways; and
- locking entryways when a collaborative computing device is in use.
This requirement is not intended to include technologies that enable users to share the contents of their computer screens via the internet.