1. Home
  2. FedRAMP
  3. SC-15

BRACKETOLOGY | FEDRAMP

SC-15: COLLABORATIVE COMPUTING DEVICES

  • FedRAMP Baseline Membership SC-15:
  • LOW
  • MODERATE
  • HIGH

FedRAMP Bracketology

Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH

Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.

Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.

To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open

Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.

The information system:

    • a. Prohibits remote activation of collaborative computing devices with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and
    • b. Provides an explicit indication of use to users physically present at the devices.

Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.

The information system:

  • a. Prohibits remote activation of collaborative computing devices with the following exceptions: no exceptions; and
  • b. Provides an explicit indication of use to users physically present at the devices.

FedRAMP REQUIREMENT

The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use.

The information system:

  • a. Prohibits remote activation of collaborative computing devices with the following exceptions: no exceptions; and
  • b. Provides an explicit indication of use to users physically present at the devices.

FedRAMP REQUIREMENT

The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use.

The information system:

  • a. Prohibits remote activation of collaborative computing devices with the following exceptions: no exceptions; and
  • b. Provides an explicit indication of use to users physically present at the devices.

FedRAMP REQUIREMENT

The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use.

SUPPLEMENTAL GUIDANCE

Collaborative computing devices include, for example, networked white boards, cameras, and microphones. Explicit indication of use includes, for example, signals to users when collaborative computing devices are activated.

CONTROL ENHANCEMENTS

SC-15 (1) COLLABORATIVE COMPUTING DEVICES | PHYSICAL DISCONNECT

The information system provides physical disconnect of collaborative computing devices in a manner that supports ease of use.

Supplemental Guidance:

Failing to physically disconnect from collaborative computing devices can result in subsequent compromises of organizational information. Providing easy methods to physically disconnect from such devices after a collaborative computing session helps to ensure that participants actually carry out the disconnect activity without having to go through complex and tedious procedures.

SC-15 (2) COLLABORATIVE COMPUTING DEVICES | BLOCKING INBOUND / OUTBOUND COMMUNICATIONS TRAFFIC

[Withdrawn: Incorporated into SC-7].

SC-15 (3) COLLABORATIVE COMPUTING DEVICES | DISABLING / REMOVAL IN SECURE WORK AREAS

The organization disables or removes collaborative computing devices from [Assignment: organization-defined information systems or information system components] in [Assignment: organization-defined secure work areas].

Supplemental Guidance:

Failing to disable or remove collaborative computing devices from information systems or information system components can result in subsequent compromises of organizational information including, for example, eavesdropping on conversations.

SC-15 (4) COLLABORATIVE COMPUTING DEVICES | EXPLICITLY INDICATE CURRENT PARTICIPANTS

The information system provides an explicit indication of current participants in [Assignment: organization-defined online meetings and teleconferences].

Supplemental Guidance:

This control enhancement helps to prevent unauthorized individuals from participating in collaborative computing sessions without the explicit knowledge of other participants.

REFERENCES:

  • NO REFERENCES