SV-230802r599842_rule
V-230802
SRG-OS-000095-GPOS-00049
APPL-11-002017
CAT II
10
This setting is enforced using the "Restrictions Policy" configuration profile.
If the device or operating system does not have a camera installed, this requirement is not applicable.
This requirement is not applicable to mobile devices (smartphones and tablets), where the use of the camera is a local AO decision.
This requirement is not applicable to dedicated VTC suites located in approved VTC locations that are centrally managed.
For an external camera, if there is not a method for the operator to manually disconnect camera at the end of collaborative computing sessions, this is a finding.
For a built-in camera, the camera must be protected by a camera cover (e.g., laptop camera cover slide) when not in use. If the built-in camera is not protected with a camera cover, or is not physically disabled, this is a finding.
If the camera is not disconnected, covered, or physically disabled, the following configuration is required:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowCamera
If the result is “allowCamera = 1” and the collaborative computing device has not been authorized for use, this is a finding.
V-230802
False
APPL-11-002017
If the device or operating system does not have a camera installed, this requirement is not applicable.
This requirement is not applicable to mobile devices (smartphones and tablets), where the use of the camera is a local AO decision.
This requirement is not applicable to dedicated VTC suites located in approved VTC locations that are centrally managed.
For an external camera, if there is not a method for the operator to manually disconnect camera at the end of collaborative computing sessions, this is a finding.
For a built-in camera, the camera must be protected by a camera cover (e.g., laptop camera cover slide) when not in use. If the built-in camera is not protected with a camera cover, or is not physically disabled, this is a finding.
If the camera is not disconnected, covered, or physically disabled, the following configuration is required:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowCamera
If the result is “allowCamera = 1” and the collaborative computing device has not been authorized for use, this is a finding.
M
5246