CMMC Practice Requirement:

Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.

CMMC Requirement Explanation:

Collaborative computing devices include smart boards, cameras systems, and microphones. This includes cameras and microphones built into laptops. These devices often have the capability of being activated remotely and can capture sensitive information. By disabling this you can reduce the risk of an attacker gaining access to a system and listening into conversations.

Example CMMC Implementation:

If you have a smart board in your office make sure that it indicates (e.g. an on light indicator) when it's camera or microphone is active. The same applies to microphones in conference rooms, they should indicate when they are active. If your devices don't indicate when they are active then hang up a paper stating that microphones may be active. If you have workstations with cameras and microphones configured them to indicate when the camera or microphone is in use. This is often indicated by a small light next to a laptop's camera. Where possible, prevent cameras and microphones from being activated remotely. Using RDP, you can remote into a Windows systems and use the microphone. Disable this feature using group policy.

Scenario(s):

- Scenario 1:

You want to prevent the remote activation of microphones on your systems. To accomplish this you use group policy to prevent RDP sessions from allowing audio recordings.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance