NIST 800-171 - Collaborative Computing Devices (3.13.12)

Overview:
Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.

Action Items:
3.13.12[a]
Determine if: collaborative computing devices are identified.

3.13.12[b]
Determine if: collaborative computing devices provide indication to users of devices in use.

3.13.12[c]
Determine if: remote activation of collaborative computing devices is prohibited.

POTENTIAL ASSESSMENT METHODS AND OBJECTS

1
Examine: System and communications protection policy; procedures addressing collaborative computing; access control policy and procedures; system security plan; system design documentation; system audit logs and records; system configuration settings and associated documentation; other relevant documents or records].

2
Interview: System or network administrators; personnel with information security responsibilities; system developer; personnel with responsibilities for managing collaborative computing devices].

3
Test: Mechanisms supporting or implementing management of remote activation of collaborative computing devices; mechanisms providing an indication of use of collaborative computing devices].

Related Documents (document name and content will vary by organization):
1) System and communications protection policy
2) procedures addressing collaborative computing
3) access control policy and procedures
4) system security plan
5) system design documentation
6) system audit logs and records
7) system configuration settings and associated documentation
8) other relevant documents or records

Additional Guidance:
Collaborative computing devices include, for example, networked white boards, cameras, and microphones. Indication of use includes, for example, signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.