last sync: 2024-Oct-11 17:51:27 UTC

Prohibit remote activation of collaborative computing devices | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Prohibit remote activation of collaborative computing devices
Id 678ca228-042d-6d8e-a598-c58d5670437d
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1648 - Prohibit remote activation of collaborative computing devices
Additional metadata Name/Id: CMA_C1648 / CMA_C1648
Category: Operational
Title: Prohibit remote activation of collaborative computing devices
Ownership: Customer
Description: The customer is responsible for prohibiting remote activation of any collaborative computing devices within or controlled from customer-deployed resources, and defining exceptions where remote activation is allowed (if any).
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 11 compliance controls are associated with this Policy definition 'Prohibit remote activation of collaborative computing devices' (678ca228-042d-6d8e-a598-c58d5670437d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SC-15 FedRAMP_High_R4_SC-15 FedRAMP High SC-15 System And Communications Protection Collaborative Computing Devices Shared n/a The information system: a. Prohibits remote activation of collaborative computing devices with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and b. Provides an explicit indication of use to users physically present at the devices. Supplemental Guidance: Collaborative computing devices include, for example, networked white boards, cameras, and microphones. Explicit indication of use includes, for example, signals to users when collaborative computing devices are activated. Related control: AC-21. References: None. link 2
FedRAMP_Moderate_R4 SC-15 FedRAMP_Moderate_R4_SC-15 FedRAMP Moderate SC-15 System And Communications Protection Collaborative Computing Devices Shared n/a The information system: a. Prohibits remote activation of collaborative computing devices with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and b. Provides an explicit indication of use to users physically present at the devices. Supplemental Guidance: Collaborative computing devices include, for example, networked white boards, cameras, and microphones. Explicit indication of use includes, for example, signals to users when collaborative computing devices are activated. Related control: AC-21. References: None. link 2
hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 04 Mobile Device Security 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking Shared n/a Mobile computing devices are protected at all times by access controls, usage restrictions, connection requirements, encryption, virus protections, host-based firewalls, or equivalent functionality, secure configurations, and physical protections. 7
hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09 Transmission Protection 0916.09s2Organizational.4-09.s 09.08 Exchange of Information Shared n/a The information system prohibits remote activation of collaborative computing devices and provides an explicit indication of use to users physically present at the devices. 7
ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Communications Security Information transfer policies and procedures Shared n/a Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities. link 32
mp.info.2 Rating of information mp.info.2 Rating of information 404 not found n/a n/a 45
NIST_SP_800-171_R2_3 .13.12 NIST_SP_800-171_R2_3.13.12 NIST SP 800-171 R2 3.13.12 System and Communications Protection Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device Shared Microsoft and the customer share responsibilities for implementing this requirement. Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded. Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded. link 2
NIST_SP_800-53_R4 SC-15 NIST_SP_800-53_R4_SC-15 NIST SP 800-53 Rev. 4 SC-15 System And Communications Protection Collaborative Computing Devices Shared n/a The information system: a. Prohibits remote activation of collaborative computing devices with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and b. Provides an explicit indication of use to users physically present at the devices. Supplemental Guidance: Collaborative computing devices include, for example, networked white boards, cameras, and microphones. Explicit indication of use includes, for example, signals to users when collaborative computing devices are activated. Related control: AC-21. References: None. link 2
NIST_SP_800-53_R5 SC-15 NIST_SP_800-53_R5_SC-15 NIST SP 800-53 Rev. 5 SC-15 System and Communications Protection Collaborative Computing Devices and Applications Shared n/a a. Prohibit remote activation of collaborative computing devices and applications with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]; and b. Provide an explicit indication of use to users physically present at the devices. link 2
op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found n/a n/a 50
org.3 Security procedures org.3 Security procedures 404 not found n/a n/a 83
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 678ca228-042d-6d8e-a598-c58d5670437d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC