NIST 800-171 • LEVEL 2 • SYSTEM AND COMMUNICATIONS PROTECTION
3.13.12 — Collaborative Computing Devices and Applications
Prohibit the remote activation of collaborative computing devices and applications with the following exceptions: {{ insert: param, A.03.13.12.ODP.01 }}. Provide an explicit indication of use to users physically present at the devices.
CMMC Practice Mapping
NIST 800-53 Controls
Assessment Objectives
- the remote activation of collaborative computing devices and applications is prohibited with the following exceptions: {{ insert: param, A.03.13.12.ODP.01 }}.
- an explicit indication of use is provided to users who are physically present at the devices.
Practitioner Notes
Collaborative computing devices include things like webcams, microphones, and smart displays in conference rooms. The concern is that these could be remotely activated to eavesdrop. You need to prevent remote activation and make it obvious to people in the room when these devices are active.
Example 1: Use a GPO to disable the camera and microphone on workstations by default. Under Computer Configuration > Administrative Templates > Windows Components > Camera, set Allow Use of Camera to Disabled. For microphone access, manage it through Settings > Privacy > Microphone or deploy an Intune device restriction profile that blocks microphone access for all apps except approved conferencing tools like Teams.
Example 2: For conference room systems (like Microsoft Teams Rooms devices or Zoom Rooms), ensure the device has a physical indicator light that activates when the camera or microphone is in use. Configure the device to require a physical button press to start a meeting -- do not allow remote meeting joins to automatically activate A/V hardware. Disable remote management features that could allow external activation.