Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
10. Physical Security<br />
These Physical Security Non-Mandatory Baselines support the Enterprise Security <strong>Policy</strong><br />
(ITEC 7230 Rev 1) and the Default Security Requirements (ITEC <strong>7230A</strong>.<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
10. Physical Security <br />
10.1. Physical Access Control<br />
10.1.1. Control Physical Access (5 sets) (4 sets)<br />
10.2. Physical Environmental Control<br />
10.2.1. Provide Environmental Controls (5 sets) (5 sets)<br />
10.3. Maintain Records <br />
10.1. Physical Access Control<br />
The following are the Non-Mandatory Baselines that support the Physical Access<br />
Control section <strong>of</strong> the Default Security Requirements:<br />
10.1.1. Control Physical Access<br />
Physical threats to systems can only be managed by implementing appropriate<br />
physical security controls:<br />
10.1.1.a Roles Requiring Physical Access<br />
• Regular physical access should be provided to only those<br />
individuals that work in facilities that host systems or system<br />
components and that have a regular requirement to physically<br />
access systems:<br />
o <strong>Administration</strong> staff.<br />
o Operations staff.<br />
• Occasional physical access may be provided to nay individual<br />
so long as sufficient cause can be demonstrated:<br />
o Temporary administrative staff.<br />
o Temporary operations staff.<br />
o Third-party administrative or operations staff.<br />
o Project-specific staff.<br />
10.1.1.b Physical Access Controls<br />
• All facilities that house systems and/or system components<br />
should be secured with doors that have locks.<br />
• Dedicated areas within facilities that house systems and/or<br />
systems components should be secured with doors that have<br />
pick-resistant locks.<br />
• Dedicated areas within facilities that house systems and/or<br />
systems components should make use <strong>of</strong> access monitoring<br />
solutions.<br />
29