Description:

Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.


[29] Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.


Priority: High


Category: Baseline Security Configurations 


Services Associated with AWS:

  1. AWS IoT Core
  2. AWS Device Defender
  3. Amazon Chime
  4. AWS IoT Core


Objective Evidence:  

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Technical: screen shot of configuration settings 


Possible Technology Considerations : 

  • IT Asset Management (ITAM)
  • Secure Baseline Configurations (SBC) 


What needs to be answered?

Have collaborative computing devices (e.g., cameras, microphones, etc.) been configured so they cannot be remotely activated? Are users notified when collaborative computing devices are in use?

  •  Prohibit Remote Activation Check
    Description: This check ensures that collaborative computing devices, such as networked white boards, cameras, and microphones, cannot be remotely activated without authorized access or user knowledge. The check verifies that there are proper access controls in place to prevent unauthorized remote activation.
  • Indication of Device Use Check
    Description: This check ensures that users receive clear and visible indications when collaborative computing devices are in use. The check verifies that signals or alerts are implemented and operational to notify users whenever these devices are activated.

More Details:

Collaborative computing devices not in use within organization.