NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-42 — Sensor Capability and Data
Prohibit {{ insert: param, sc-42_odp.01 }} ; and Provide an explicit indication of sensor use to {{ insert: param, sc-42_odp.05 }}.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
Sensor capability and data applies to types of systems or system components characterized as mobile devices, such as cellular telephones, smart phones, and tablets. Mobile devices often include sensors that can collect and record data regarding the environment where the system is in use. Sensors that are embedded within mobile devices include microphones, cameras, Global Positioning System (GPS) mechanisms, and accelerometers. While the sensors on mobiles devices provide an important function, if activated covertly, such devices can potentially provide a means for adversaries to learn valuable information about individuals and organizations. For example, remotely activating the GPS function on a mobile device could provide an adversary with the ability to track the movements of an individual. Organizations may prohibit individuals from bringing cellular telephones or digital cameras into certain designated facilities or controlled areas within facilities where classified information is stored or sensitive conversations are taking place.
Practitioner Notes
Control sensors (cameras, microphones, GPS, accelerometers) on organizational devices to prevent unauthorized collection of sensitive information.
Example 1: Use mobile device management (Intune, JAMF) to control which applications can access the camera, microphone, and location services on corporate phones and tablets. Only approved apps get sensor access.
Example 2: In sensitive work areas, require that laptop webcams have physical covers and that phones be placed in signal-blocking pouches. Use GPO to disable microphone access for all applications except approved conferencing software.