Title

Software and/or firmware used for collaborative computing devices must prohibit remote activation excluding the organization-defined exceptions where remote activation is to be allowed. (Cat II impact)

Discussion

Collaborative computing devices include, networked white boards, cameras, and microphones. Collaborative software examples include instant messaging or chat clients. Rationale for non-applicability: Remote activation requires the application to provide some form of server functionality even if only to listen for remote activation calls. Server applications are expressly excluded from the scope of this SRG. If the remote activation is achieved locally through an operating system command, then this control must be implemented by the operating system. In this case, the application has no reliable mechanism to detect that the activation is remote.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46815r1_rule

Vulnerability ID: V-35528

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.