NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-42(3)Prohibit Use of Devices

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Prohibit the use of certain sensor-equipped devices in sensitive areas where unauthorized data collection poses a significant risk.

Example 1: Ban personal cell phones and smart watches from SCIFs, server rooms, and classified work areas. Post signs at entry points and provide secure storage lockers outside the controlled area.

Example 2: Prohibit the use of IoT devices (smart speakers, smart displays, connected thermostats) in areas where sensitive conversations occur. These devices may transmit audio or environmental data to cloud services outside your control.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability