Joint task force transformation initiative


PE-6 MONITORING PHYSICAL ACCESS



Yüklə 5,64 Mb.
səhifə109/186
tarix08.01.2019
ölçüsü5,64 Mb.
#93199
1   ...   105   106   107   108   109   110   111   112   ...   186



PE-6 MONITORING PHYSICAL ACCESS


Control: The organization:

  1. Monitors physical access to the facility where the information system resides to detect and respond to physical security incidents;

  2. Reviews physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]; and

  3. Coordinates results of reviews and investigations with the organizational incident response capability.

Supplemental Guidance: Organizational incident response capabilities include investigations of and responses to detected physical security incidents. Security incidents include, for example, apparent security violations or suspicious physical access activities. Suspicious physical access activities include, for example: (i) accesses outside of normal work hours; (ii) repeated accesses to areas not normally accessed; (iii) accesses for unusual lengths of time; and (iv) out-of-sequence accesses. Related controls: CA-7, IR-4, IR-8.

Control Enhancements:

  1. monitoring physical access | intrusion alarms / surveillance equipment

The organization monitors physical intrusion alarms and surveillance equipment.

  1. monitoring physical access | automated intrusion recognition / responses

The organization employs automated mechanisms to recognize [Assignment: organization-defined classes/types of intrusions] and initiate [Assignment: organization-defined response actions].

Supplemental Guidance: Related control: SI-4.

  1. monitoring physical access | video surveillance

The organization employs video surveillance of [Assignment: organization-defined operational areas] and retains video recordings for [Assignment: organization-defined time period].

Supplemental Guidance: This control enhancement focuses on recording surveillance video for purposes of subsequent review, if circumstances so warrant (e.g., a break-in detected by other means). It does not require monitoring surveillance video although organizations may choose to do so. Note that there may be legal considerations when performing and retaining video surveillance, especially if such surveillance is in a public location.

  1. monitoring physical access | monitoring physical access to information systems

The organization monitors physical access to the information system in addition to the physical access monitoring of the facility as [Assignment: organization-defined physical spaces containing one or more components of the information system].

Supplemental Guidance: This control enhancement provides additional monitoring for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, communications centers). Related controls: PS-2, PS-3.

References: None.

Priority and Baseline Allocation:

P1

LOW PE-6

MOD PE-6 (1)

HIGH PE-6 (1) (4)



PE-7 VISITOR CONTROL


[Withdrawn: Incorporated into PE-2 and PE-3].



PE-8 VISITOR ACCESS RECORDS


Control: The organization:

  1. Maintains visitor access records to the facility where the information system resides for [Assignment: organization-defined time period]; and

  2. Reviews visitor access records [Assignment: organization-defined frequency].

Supplemental Guidance: Visitor access records include, for example, names and organizations of persons visiting, visitor signatures, forms of identification, dates of access, entry and departure times, purposes of visits, and names and organizations of persons visited. Visitor access records are not required for publicly accessible areas.

Control Enhancements:

  1. visitor access records | automated records maintenance / review

The organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.

  1. visitor access records | physical access records

[Withdrawn: Incorporated into PE-2].

References: None.

Priority and Baseline Allocation:

P3

LOW PE-8

MOD PE-8

HIGH PE-8 (1)


Yüklə 5,64 Mb.

Dostları ilə paylaş:
1   ...   105   106   107   108   109   110   111   112   ...   186




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin