GRCWatch
Sign inStart free trial

SC.L2-3.13.12: Collaborative Computing Device Controls

Remote collaboration tools are essential for modern teams, but uncontrolled device activation poses serious security risks. CMMC Level 2 control SC.L2-3.13.12 requires you to block remote activation of collaborative computing devices while ensuring users know when these devices are actively recording. This control prevents unauthorized surveillance and maintains visibility over your organization's communication infrastructure.

What this means

This control mandates two key requirements: first, disable the ability to remotely activate collaborative computing devices like webcams, microphones, and screen-sharing tools without explicit user action; second, provide clear, real-time indication to users when these devices are in active use. This prevents attackers from gaining unauthorized access to sensitive conversations or visual information and ensures employees maintain awareness of what's being transmitted.

How to comply

  1. 1.Inventory all collaborative computing devices (cameras, microphones, speakers, displays) across your network
  2. 2.Configure device settings to prevent remote activation—require manual user input to enable recording or transmission
  3. 3.Enable and test visual/audio indicators (LED lights, on-screen notifications) that activate whenever devices are in use
  4. 4.Update device firmware regularly to patch remote activation vulnerabilities
  5. 5.Implement group policies or mobile device management (MDM) to enforce remote activation restrictions
  6. 6.Train users to recognize active-use indicators and report suspicious device behavior
  7. 7.Document all collaborative computing devices and their security configurations
  8. 8.Conduct quarterly audits to verify remote activation remains disabled and indicators function properly

Evidence auditors look for

  • Device configuration screenshots showing remote activation disabled in BIOS/firmware settings
  • Photos or video demonstrations of LED indicators and on-screen notifications activating during use
  • Network access logs and firewall rules blocking remote device activation commands
  • Mobile device management (MDM) policy enforcement reports for collaborative app restrictions
  • Firmware update logs confirming latest security patches applied to all devices
  • User acknowledgment documentation of collaborative device security training
  • Device inventory spreadsheet with device types, locations, and compliance status
  • Audit reports from IT security reviews confirming indicator functionality testing results

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates the discovery and monitoring of all collaborative computing devices across your network, flags those without proper remote activation restrictions, and tracks evidence of user-indication controls—eliminating manual inventory work and ensuring SC.L2-3.13.12 stays compliant.

See how GRCWatch handles this control automatically

Start free trial

Related controls

SC.L2-3.13.1 (Mobile Device Management)SC.L2-3.1.1 (Information and Communications Technology Security Planning)SC.L2-3.4.7 (Wireless Access Points)AC.L2-3.1.2 (Account Management)