Policy 7230A - Department of Administration
10. Physical Security
These Physical Security Non-Mandatory Procedures support the Enterprise Security Policy (ITEC 7230 Rev 1) and the Default Security Requirements (ITEC 7230A).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
10. Physical Security
10.1. Physical Access Control
10.1.1. Control Physical Access (5 sets) (4 sets)
10.2. Physical Environmental Control
10.2.1. Provide Environmental Controls (5 sets) (5 sets)
10.3. Maintain Records
10.1. Physical Access Control
The following are the Non-Mandatory Procedures that support the Physical Access Control section of the Default Security Requirements:
10.1.1. Control Physical Access
Agencies should implement appropriate physical security controls to manage and mitigate physical threats to systems:
10.1.1.1 Identify, Authorize and Authenticate Individuals that Require Physical Access
All individuals that will require physical access to information system components must be fully identified and authorized prior to any access being allowed and must be authenticated at the time of access:
• Identify the roles that require both regular as well as occasional physical access and identify the individuals that fill these roles.
• Provide standing authorization and a permanent authenticator to individuals that require regular access.
• Require individuals that require occasional access to submit a request that must be approved prior to access being attempted or allowed.
• Authenticate individuals with regular access requirements through the use of their assigned permanent authenticator.
• Authenticate individuals with occasional access requirements through the use of a personal identification mechanism that includes name, signature and photograph.