SC.L2-3.13.12 — Prohibit remote activation 27 of collaborative computing devices and provide indication of devices in use to users present at the device.
What this control requires
Prohibit remote activation 27 of collaborative computing devices and provide indication of devices in use to users present at the device.
Source: CMMC L2 v2.13 SC.L2-3.13.12 / NIST SP 800-171 R2 3.13.12 (official control text).
Why this matters
Modern offices deploy always-connected cameras, microphones, smart displays, and collaborative room systems that attackers can remotely activate to eavesdrop on sensitive conversations, capture proprietary information on whiteboards, or record personnel movements. This control prevents adversaries from turning organizational collaboration devices into surveillance tools without physical presence. It also ensures employees know when devices are transmitting, protecting privacy and reducing insider risk from covert recording. Without these safeguards, a compromised endpoint or malicious actor with network access can weaponize the very tools meant to enhance productivity.
What evidence assessors expect
Assessors typically look for: screenshot, photo, configuration export, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on SC.L2-3.13.12.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →