myctrl.tools
Compare

SC-15Collaborative Computing Devices And Applications

LOW
MODERATE
HIGH

>Control Description

a

Prohibit remote activation of collaborative computing devices and applications with the following exceptions: organization-defined exceptions where remote activation is to be allowed; and

b

Provide an explicit indication of use to users physically present at the devices.

>Control Enhancements(4)

SC-15(1)
SC-15(2)
SC-15(3)
SC-15(4)

>Cross-Framework Mappings

SCF

END-14
Compare

>Programmatic Queries

Beta

Related Services

Amazon Chime
Amazon WorkSpaces
AWS Service Catalog

CLI Commands

List Chime accounts and meeting settings
aws chime list-accounts
Get Chime account settings for collaboration controls
aws chime get-account-settings --account-id ACCOUNT_ID
List WorkSpaces access properties
aws workspaces describe-workspace-directories --query 'Directories[].{Dir:DirectoryId,Access:WorkspaceAccessProperties}'
Get global Chime meeting settings
aws chime get-global-settings
Open AWS ConsoleDocumentation

>Supplemental Guidance

Collaborative computing devices and applications include remote meeting devices and applications, networked white boards, cameras, and microphones. The explicit indication of use includes signals to users when collaborative computing devices and applications are activated.

>Related Controls

AC-21
SC-42

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of collaborative computing devices and applications?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-15?

Technical Implementation:

  • How is collaborative computing devices and applications technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that collaborative computing devices and applications remains effective as the system evolves?
  • What network boundary protections are in place (firewalls, gateways, etc.)?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-15?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
  • Can you provide network architecture diagrams and firewall rulesets?

Ask AI

Configure your API key to use AI features.