Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

sc-15

collaborative computing devices

assessment objective:

Determine if:

sc-15(a)

sc-15(a)[1]

the organization defines exceptions where remote activation of collaborative computing devices is to be allowed;

sc-15(a)[2]

the information system prohibits remote activation of collaborative computing devices, except for organization-defined exceptions where remote activation is to be allowed; and

sc-15(b)

the information system provides an explicit indication of use to users physically present at the devices.

potential assessment methods and objects:

Examine: [select from: System and communications protection policy; procedures addressing collaborative computing; access control policy and procedures; information system design documentation; information system configuration settings and associated documentation; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for managing collaborative computing devices].

Test: [select from: Automated mechanisms supporting and/or implementing management of remote activation of collaborative computing devices; automated mechanisms providing an indication of use of collaborative computing devices].