SC 15 COLLABORATIVE COMPUTING DEVICES AND APPLICATIONS - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

SC-15 COLLABORATIVE COMPUTING DEVICES AND APPLICATIONS

Control:

  • a. Prohibit remote activation of collaborative computing devices and applications with the following exceptions: [ Assignment: organization-defined exceptions where remote activation is to be allowed ]; and
  • b. Provide an explicit indication of use to users physically present at the devices.

Discussion: Collaborative computing devices and applications include remote meeting devices and applications, networked white boards, cameras, and microphones. The explicit indication of use includes signals to users when collaborative computing devices and applications are activated.

Related Controls: AC-21 , SC-42.

Control Enhancements:

  • (1) COLLABORATIVE COMPUTING DEVICES / PHYSICAL OR LOGICAL DISCONNECT
    Provide [ Selection (one or more): physical; logical ] disconnect of collaborative computing devices in a manner that supports ease of use.

    Discussion: Failing to disconnect from collaborative computing devices can result in subsequent compromises of organizational information. Providing easy methods to disconnect from such devices after a collaborative computing session ensures that participants carry out the disconnect activity without having to go through complex and tedious procedures. Disconnect from collaborative computing devices can be manual or automatic.

    Related Controls: None.

  • (2) COLLABORATIVE COMPUTING DEVICES / BLOCKING INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC
    [Withdrawn: Incorporated into SC-7 .]

  • (3) COLLABORATIVE COMPUTING DEVICES / DISABLING AND REMOVAL IN SECURE WORK AREAS
    Disable or remove collaborative computing devices and applications from [ Assignment: organization-defined systems or system components ] in [ Assignment: organization-defined secure work areas ].

    Discussion: Failing to disable or remove collaborative computing devices and applications from systems or system components can result in compromises of information, including eavesdropping on conversations. A Sensitive Compartmented Information Facility (SCIF) is an example of a secure work area.

    Related Controls: None.

  • (4) COLLABORATIVE COMPUTING DEVICES / EXPLICITLY INDICATE CURRENT PARTICIPANTS
    Provide an explicit indication of current participants in [ Assignment: organization-defined online meetings and teleconferences ].

    Discussion: Explicitly indicating current participants prevents unauthorized individuals from participating in collaborative computing sessions without the explicit knowledge of other participants.

    Related Controls: None.

References: None.

⚠️ **GitHub.com Fallback** ⚠️