zydronium/manage.get.gov

mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-26 04:28:39 +02:00

Document things cloud.gov CRM fully supports (#122 )

* document things cloud.gov crm fully supports

* run make assemble

2022-10-13 10:36:44 -04:00

4.5 KiB

Raw Blame History

implementation-status

control-origination

c-implemented

c-inherited-cloud-gov

pe-3 - [catalog] Physical Access Control

Control Statement

[a] Enforce physical access authorizations at entry and exit points by:
- [1] Verifying individual access authorizations before granting access to the facility; and
- [2] Controlling ingress and egress to the facility using No value found;
[b] Maintain physical access audit logs for entry or exit points;
[c] Control access to areas within the facility designated as publicly accessible by implementing the following controls: physical access controls;
[d] Escort visitors and control visitor activity circumstances;
[e] Secure keys, combinations, and other physical access devices;
[f] Inventory physical access devices every frequency ; and
[g] Change combinations and keys organization-defined frequency and/or when keys are lost, combinations are compromised, or when individuals possessing the keys or combinations are transferred or terminated.

Control guidance

Physical access control applies to employees and visitors. Individuals with permanent physical access authorizations are not considered visitors. Physical access controls for publicly accessible areas may include physical access control logs/records, guards, or physical access devices and barriers to prevent movement from publicly accessible areas to non-public areas. Organizations determine the types of guards needed, including professional security staff, system users, or administrative staff. Physical access devices include keys, locks, combinations, biometric readers, and card readers. Physical access control systems comply with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. Organizations have flexibility in the types of audit logs employed. Audit logs can be procedural, automated, or some combination thereof. Physical access points can include facility access points, interior access points to systems that require supplemental access controls, or both. Components of systems may be in areas designated as publicly accessible with organizations controlling access to the components.

Control assessment-objective

physical access authorizations are enforced at entry and exit points by verifying individual access authorizations before granting access to the facility; physical access authorizations are enforced at entry and exit points by controlling ingress and egress to the facility using No value found; physical access audit logs are maintained for entry or exit points; access to areas within the facility designated as publicly accessible are maintained by implementing physical access controls; visitors are escorted; visitor activity is controlled circumstances; keys are secured; combinations are secured; other physical access devices are secured; physical access devices are inventoried frequency; combinations are changed frequency , when combinations are compromised, or when individuals possessing the combinations are transferred or terminated; keys are changed frequency , when keys are lost, or when individuals possessing the keys are transferred or terminated.