Physical Security Program - Physical Security Plan Development and Implementation with Consideration of Information Systems Assets

From Traditional Security

Part of Physical Security Program - Physical Security Plan

Associated with IA controls: PESP-1, PESS-1, PECF-1, PEPF-2, PEPF-1, PECF-2

SV-42819r2_rule Physical Security Program - Physical Security Plan Development and Implementation with Consideration of Information Systems Assets

Vulnerability discussion

Failure to have a physical security program will result in an increased risk to DoD Information Systems, including personnel, equipment, material and documents.

Check content

Checks:

1. Check to ensure there is a Physical Security Plan, either an organizational/site OR a base/installation security plan in which the site is considered.

NOTE 1: If it is a higher level installation or base plan, ensure it addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a local (site/organization) plan is specifically required.

2. Check to ensure security requirements of the computer room(s) and open storage areas are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.

3. Check to ensure the plan also addresses entry/access control procedures for the facility overall and for specific/individual computer rooms or other areas housing network equipment (routers/crypto/switches, etc.).

4. Check to ensure that access control procedures and requirements for various categories of persons expected to access the facility (such as employees, visitors, vendors, facility maintenance, and foreign nationals) are covered.

NOTE 2: To be complete, the plan should specifically address access control of vendors (i.e., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).

5. Finally, check to ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.

NOTE 3: If the plan or any of the critical elements of the plan (everything mentioned here) applicable to the specific site are missing, this should be written as a finding.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) should be in place. Not applicable to a field/mobile environment.

Fix text

Fixes:

1. Ensure there is a Physical Security Plan, either an organizational/site OR a base/installation security plan in which the site is considered.

NOTE 1: If it is a higher level installation or base plan, ensure it addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a local (site/organization) plan is specifically required.

2. Ensure security requirements of the computer room(s) and open storage areas are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.

3. Ensure the plan also addresses entry/access control procedures for the facility overall and for specific/individual computer rooms or other areas housing network equipment (routers/crypto/switches, etc.).

4. Ensure that access control procedures and requirements for various categories of persons expected to access the facility (such as employees, visitors, vendors, facility maintenance, and foreign nationals) are covered.

NOTE 2: To be complete, the plan should specifically address access control of vendors (i.e., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).

5. Finally, ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.
