Level 2
Description:
Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
[29] Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
Priority: High
Domain: SYSTEM AND COMMUNICATIONS PROTECTION (SC)
Category: Baseline Security Configurations
Services Associated with AWS:
- AWS IoT Core
- AWS Device Defender
- Amazon Chime
- AWS IoT Core
Services Associated with Azure:
- Azure IoT Core
- Azure Device Defender
- Azure ITAM
- Azure SBC
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screen shot of configuration settings
Possible Technology Considerations :
- IT Asset Management (ITAM)
- Secure Baseline Configurations (SBC)
What needs to be answered?
Have collaborative computing devices (e.g., cameras, microphones, etc.) been configured so they cannot be remotely activated? Are users notified when collaborative computing devices are in use?
Checks for AWS
- Prohibit Remote Activation Check
Description: This check ensures that collaborative computing devices, such as networked white boards, cameras, and microphones, cannot be remotely activated without authorized access or user knowledge. The check verifies that there are proper access controls in place to prevent unauthorized remote activation. - Indication of Device Use Check
Description: This check ensures that users receive clear and visible indications when collaborative computing devices are in use. The check verifies that signals or alerts are implemented and operational to notify users whenever these devices are activated.
Checks for Azure
- Prohibit Remote Activation Check:
Description: This check ensures that collaborative computing devices, such as cameras, microphones, and networked whiteboards, cannot be remotely activated without authorized access or user knowledge. It verifies the implementation of proper access controls to prevent unauthorized remote activation, thereby enhancing the security and privacy of these devices. - Indication of Device Use Check:
Description: This check ensures that users are appropriately notified when collaborative computing devices are in use. It verifies the presence and functionality of clear and visible signals or alerts that inform users whenever these devices are activated. By providing users with this indication, it enhances transparency and awareness of device activities, promoting trust and user confidence in the system.
More Details:
Collaborative computing devices not in use within organization.