SC-42 Sensor Capability and Data

Baselines

Guidance

Sensor capability and data applies to types of systems or system components characterized as mobile devices, such as cellular telephones, smart phones, and tablets. Mobile devices often include sensors that can collect and record data regarding the environment where the system is in use. Sensors that are embedded within mobile devices include microphones, cameras, Global Positioning System (GPS) mechanisms, and accelerometers. While the sensors on mobiles devices provide an important function, if activated covertly, such devices can potentially provide a means for adversaries to learn valuable information about individuals and organizations. For example, remotely activating the GPS function on a mobile device could provide an adversary with the ability to track the movements of an individual. Organizations may prohibit individuals from bringing cellular telephones or digital cameras into certain designated facilities or controlled areas within facilities where classified information is stored or sensitive conversations are taking place.

References 2

• OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
• SP 800-124 Souppaya MP, Scarfone KA (2013) Guidelines for Managing the Security of Mobile Devices in the Enterprise. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-124, Rev. 1.

Control Enhancements 5

• SC-42(01) Reporting to Authorized Individuals or Roles L M H P
• SC-42(02) Authorized Use L M H P
• SC-42(03) Prohibit Use of Devices
• SC-42(04) Notice of Collection L M H P
• SC-42(05) Collection Minimization L M H P

Related controls 1

• SC-15 Collaborative Computing Devices and Applications L M H P