GRCWatch
Sign inStart free trial

NIST 800-171 3.13.12: Collaborative Device Control Requirements

Collaborative devices like video conferencing systems and shared screens present a hidden attack surface when left vulnerable to remote activation. NIST 800-171 3.13.12 requires organizations to disable unauthorized remote activation while giving users clear visibility into active sessions. This control prevents adversaries from turning on cameras, microphones, or screen sharing without detection.

What this means

This control mandates two key protections: first, prohibit remote activation of collaborative computing devices (cameras, microphones, speakers, screens) without explicit user authorization; second, provide clear visual or audio indicators when these devices are actively in use. Users must always know when their camera is live or screen is being shared. The requirement protects against unauthorized surveillance and data exfiltration through devices that are often overlooked in security audits.

How to comply

  1. 1.Disable remote activation features on all video conferencing systems, webcams, and screen-sharing platforms by default
  2. 2.Configure devices to require in-person or explicit digital authorization before any remote party can activate cameras or microphones
  3. 3.Implement visual indicators (LED lights, on-screen notifications) that activate whenever a collaborative device is in active use
  4. 4.Establish a policy requiring users to physically disable or cover cameras when not in use as a secondary control layer
  5. 5.Audit and document all collaborative devices across the organization (laptops, conference room systems, mobile devices)
  6. 6.Test remote activation blocks regularly to confirm no backdoors exist in device firmware or application settings
  7. 7.Train staff on recognizing active device indicators and reporting suspicious activation events

Evidence auditors look for

  • Device configuration screenshots showing remote activation disabled in system settings or BIOS
  • Video conferencing platform security audit reports confirming remote camera/microphone activation is blocked
  • Physical inspection photos of devices with functioning LED indicators or camera covers
  • Meeting logs and access control rules proving only authorized users can activate shared devices
  • User training records demonstrating staff awareness of device usage indicators
  • Change management documentation for firmware or software updates that addressed collaborative device security
  • Incident response logs showing detection and investigation of unauthorized device activation attempts

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch's automated device inventory and configuration scanning identifies all collaborative devices in your environment and flags those with remote activation enabled, eliminating manual audits and ensuring 3.13.12 compliance across your entire infrastructure.

See how GRCWatch handles this control automatically

Start free trial

Related controls

NIST 800-171 3.13.1 — Information System MonitoringNIST 800-171 3.13.8 — Monitoring for Unauthorized Network ConnectionsNIST 800-171 3.1.12 — Information System Monitoring for Unauthorized Access