Controls

Terug naar overzicht
Version

SB.12.001 Access to technical areas

Medium
Medium
Medium
Physical & Environmental Security
System Owner
v2.0 (Q1 2024)

Description

Access to physical areas housing IT equipment or sensitive data must be logged and checked at least monthly for deviating situations.

Procedures for working in secure areas are in place and adherence to them monitored. The procedures include at a minimum rules regarding:

  • how and when access can be obtained by whom
  • work should be supervised or checked
  • no recordings can be made in secure areas
  • how guests and contractors can perform their work activities
  • rules regarding consumption of food
  • emergency protocols and how any out-of-ordinary situations can be reported.

Specification

Access to technical areas is limited to authorised personnel according to the NIST Special Publication 800-53: https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PE-03

The keys (or alternative authentication schemes) for access to restricted areas must be strictly managed.

There is a phyiscal response plan for intruder alerts.