{"description": "If the device contains a camera it should be covered or disabled when not in use.", "rationale": "Failing to disconnect from collaborative computing devices (i.e., cameras) can result in subsequent compromises of organizational information.\nProviding easy methods to physically disconnect from such devices after a collaborative computing session helps to ensure participants actually carry out the disconnect activity without having to go through complex and tedious procedures.", "severity": "medium", "references": {"nist": ["CM-7 (a)", "CM-7 (5) (b)"], "srg": ["SRG-OS-000095-GPOS-00049", "SRG-OS-000370-GPOS-00155"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the command does not return any output, or the line is commented out, and the collaborative computing device has not been authorized for use", "ocil": "If the device or Ubuntu 22.04 does not have a camera installed, this requirement is not applicable.\n\nThis requirement is not applicable to mobile devices (smartphones and tablets), where the use of the camera is a local AO decision.\n\nThis requirement is not applicable to dedicated VTC suites located in approved VTC locations that are centrally managed.\n\nFor an external camera, if there is not a method for the operator to manually disconnect the camera at the end of collaborative computing sessions, this is a finding.\n\nFor a built-in camera, the camera must be protected by a camera cover (e.g., laptop camera cover slide) when not in use. If the built-in camera is not protected with a camera cover, or is not physically disabled, this is a finding.\n\nIf the camera is not disconnected, covered, or physically disabled, determine if it is being disabled via software with the following commands:\n\nVerify the operating system disables the ability to load the uvcvideo kernel module.\n\n$ sudo grep -r uvcvideo /etc/modprobe.d/* | grep \"/bin/true\"\n\ninstall uvcvideo /bin/true", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to disable the built-in or attached camera when not in use.\n\nBuild or modify the \"/etc/modprobe.d/blacklist.conf\" file by using the following example:\n\ninstall uvcvideo /bin/true\nblacklist uvcvideo\n\nReboot the system for the settings to take effect.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must cover or disable the built-in or attached camera when not in use.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable the uvcvideo module", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml", "template": {"name": "kernel_module_disabled", "vars": {"kernmodule": "uvcvideo"}, "backends": {}}}