Any collaborative communication devices such as teleconferencing equipment residing in sensitive work areas shall have remote activation methods disabled, and administrative access to the device shall be restricted to authorized IT personnel. An exception to this control is approved for communication devices in public conference rooms.
Unauthorized parties gain access to sensitive, secure areas due to the lack of implemented physical security controls.
The information system:
a. Prohibits remote activation of collaborative computing devices with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and
b. Provides an explicit indication of use to users physically present at the devices.
a. Automated mechanisms prevent access to collaborative computing devices, unless explicitly defined.
b. Explicit indication of use includes, for example, signals to local users when cameras and/or microphones are activated.
The information system prohibits remote activation of collaborative computing mechanisms and provides an explicit indication of use to the local users.
Obtain system and communications protection policy; procedures addressing collaborative computing; access control policy and procedures; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if :
(I)the information system prohibits remote activation of collaborative computing mechanisms and provides an explicit indication of use to the local users.