Details

This policy setting controls whether the use of Camera devices on the machine are permitted.

The recommended state for this setting is: Disabled.

Rationale:

Cameras in a high security environment can pose serious privacy and data exfiltration risks – they should be disabled to help mitigate that risk.

Impact:

Users will not be able to utilize the camera on a system.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsCameraAllow Use of Camera

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Camera.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).

Default Value:

Enabled. (Camera devices are enabled.)

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3476

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Windows.

References

• 800-53|CM-1
• 800-53|CM-2
• 800-53|CM-6
• 800-53|CM-7
• 800-53|IA-5
• CSCv7|5.1

Source

• Tenable.com/audits