No remote activation of webcams or mics, and users should know when they're on.
What it actually means
Collaborative computing devices — webcams, microphones, conferencing devices — shouldn't be remotely activatable without the user's knowledge, and there must be a clear indication when they're in use. In practice the built-in on-air light and OS privacy controls usually satisfy this; document that remote activation is prohibited.
Pass or fail — an assessor needs a "yes" to each
- Is remote activation of cameras / mics prohibited by policy and configuration?
- Is there a visible or audible indication when these devices are active?
What to have ready
- Policy prohibiting remote activation
- Device / OS settings and the in-use indicator (camera light)
Where teams trip up
- Conferencing apps configured to auto-join with camera / mic on
- No policy addressing it at all
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →