CMMC 1.0 Practice SC.2.178 Requirement:

Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.

CMMC 1.0 SC.2.178 Requirement Explanation:

Collaborative computing devices include smart boards, cameras systems, and microphones. This includes cameras and microphones built into laptops. These devices often have the capability of being activated remotely and can capture sensitive information. By disabling this you can reduce the risk of an attacker gaining access to a system and listening into conversations.

Example CMMC 1.0 SC.2.178 Implementation:

If you have a smart board in your office make sure that it indicates (e.g. an on light indicator) when it's camera or microphone is active. The same applies to microphones in conference rooms, they should indicate when they are active. If your devices don't indicate when they are active then hang up a paper stating that microphones may be active. If you have workstations with cameras and microphones configured them to indicate when the camera or microphone is in use. This is often indicated by a small light next to a laptop's camera. Where possible, prevent cameras and microphones from being activated remotely. Using RDP, you can remote into a Windows systems and use the microphone. Disable this feature using group policy.

CMMC 1.0 SC.2.178 Scenario(s):

- Scenario 1:

You want to prevent the remote activation of microphones on your systems. To accomplish this you use group policy to prevent RDP sessions from allowing audio recordings.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.