3.13.12—System and Communications Protection - Derived
Derived Requirement
Control Description
Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device [29].
Discussion
Collaborative computing devices include networked white boards, cameras, and microphones. Indication of use includes signals to users when collaborative computing devices are activated.
[29] Dedicated video conferencing systems, which rely on one of the participants calling or connecting to the other party to activate the video conference, are excluded.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What documented policies and procedures address system and communications protection - derived for CUI systems?
- Who is accountable for implementing and maintaining system and communications protection - derived controls?
- How frequently are system and communications protection - derived requirements reviewed, and what triggers updates?
- What process ensures changes to systems maintain compliance with system and communications protection - derived requirements?
- How are exceptions to system and communications protection - derived requirements documented and approved?
Technical Implementation:
- What technical controls enforce system and communications protection - derived in your CUI environment?
- How are system and communications protection - derived controls configured and maintained across all CUI systems?
- What automated mechanisms support system and communications protection - derived compliance?
- How do you validate that system and communications protection - derived implementations achieve their intended security outcome?
- What compensating controls exist if primary system and communications protection - derived controls cannot be fully implemented?
Evidence & Documentation:
- What documentation proves system and communications protection - derived is implemented and operating effectively?
- Can you provide configuration evidence showing how system and communications protection - derived is technically enforced?
- What audit logs or monitoring data demonstrate ongoing system and communications protection - derived compliance?
- Can you show evidence of a recent review or assessment of system and communications protection - derived controls?
- What artifacts would you provide to a CMMC assessor to demonstrate system and communications protection - derived compliance?