NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-15 — Collaborative Computing Devices and Applications
a. Prohibit remote activation of collaborative computing devices and applications with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and
b. Provide an explicit indication of use to users physically present at the devices.
Supplemental Guidance
Collaborative computing devices and applications include remote meeting devices and applications, networked white boards, cameras, and microphones. The explicit indication of use includes signals to users when collaborative computing devices and applications are activated.
Practitioner Notes
Collaborative computing devices — webcams, microphones, smart displays, conference room systems — can be used for eavesdropping if not properly controlled. You need the ability to disable them when not in use.
Example 1: Use a GPO to disable built-in microphones and cameras on workstations by default. Users must explicitly enable them through a controlled process (like requesting temporary access through a self-service portal) before joining a video call.
Example 2: In conference rooms with Zoom or Teams Rooms devices, install physical camera covers and use systems with hardware mute buttons that physically disconnect the microphone circuit. Train staff to engage the mute/cover when meetings are not in progress.
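A read-only PowerShell check for the "disabled by default" baseline in Example 1, added here as an illustration and not part of the original notes. It assumes the GPO in question uses the "Allow Use of Camera" and App Privacy "Let Windows apps access the camera/microphone" settings, and that capture audio endpoints follow the `{0.0.1.00000000}` instance-ID convention.

```powershell
# Added example: audit a workstation against the camera/microphone baseline.
# Read-only; it reports state and changes nothing.

# Registry values written by the assumed GPO settings:
#   Windows Components > Camera > "Allow Use of Camera" (Disabled)  -> AllowCamera = 0
#   Windows Components > App Privacy > "Let Windows apps access the
#   camera" / "... the microphone" (Force Deny)                     -> value 2
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Camera';             Name = 'AllowCamera';             Value = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; Name = 'LetAppsAccessCamera';     Value = 2 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'; Name = 'LetAppsAccessMicrophone'; Value = 2 }
)

$policy = foreach ($e in $expected) {
    # A missing key or value means the policy is not configured on this machine.
    $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    [pscustomobject]@{
        Check     = "Policy $($e.Name) = $($e.Value)"
        Actual    = if ($null -eq $actual) { 'not configured' } else { $actual }
        Compliant = ($actual -eq $e.Value)
    }
}

# Hardware that is present and enabled despite the policy. 'Image' can also
# match scanners, so treat those hits as items to review rather than proof.
# Assumption: capture (microphone) endpoints carry '{0.0.1.00000000}' in their
# instance ID, render (speaker) endpoints '{0.0.0.00000000}'.
$devices = @(
    Get-PnpDevice -PresentOnly -Class Camera, Image, AudioEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -ne 'AudioEndpoint' -or $_.InstanceId -like '*{0.0.1.00000000}*' } |
        ForEach-Object {
            [pscustomobject]@{
                Check     = "Device disabled: $($_.FriendlyName) [$($_.Class)]"
                Actual    = $_.Status
                Compliant = ($_.Status -ne 'OK')   # 'OK' means enabled and working
            }
        }
)

$results = @($policy) + $devices
$results | Format-Table -AutoSize -Wrap

# Non-zero exit lets a compliance scanner or scheduled task flag the host.
if ($results.Compliant -contains $false) { exit 1 }
```

A host where a user has been granted temporary access through the controlled process will report non-compliant while that access is active, so correlate findings with the access-request records before treating them as violations.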