SC-15(2) — Blocking Inbound and Outbound Communications Traffic

Block collaborative computing devices from sending or receiving unauthorized traffic — preventing them from being used as covert communication channels.

Example 1: Place conference room video systems on a dedicated VLAN with strict firewall rules. They can only communicate with your approved video conferencing service (Teams, Zoom) and cannot reach the internet or internal servers for any other purpose.

Example 2: On endpoint workstations, use application control policies (AppLocker, WDAC) to restrict which applications can access the camera and microphone. Only approved conferencing apps (Teams, Zoom) are allowed — unknown applications cannot access these devices.