| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
PE-16 |
FedRAMP_High_R4_PE-16 |
FedRAMP High PE-16 |
Physical And Environmental Protection |
Delivery And Removal |
Shared |
n/a |
The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.
Supplemental Guidance: Effectively enforcing authorizations for entry and exit of information system components may require restricting access to delivery areas and possibly isolating the areas from the information system and media libraries. Related controls: CM-3, MA-2, MA-3, MP-5, SA-12.
References: None. |
link |
2 |
| FedRAMP_Moderate_R4 |
PE-16 |
FedRAMP_Moderate_R4_PE-16 |
FedRAMP Moderate PE-16 |
Physical And Environmental Protection |
Delivery And Removal |
Shared |
n/a |
The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.
Supplemental Guidance: Effectively enforcing authorizations for entry and exit of information system components may require restricting access to delivery areas and possibly isolating the areas from the information system and media libraries. Related controls: CM-3, MA-2, MA-3, MP-5, SA-12.
References: None. |
link |
2 |
| hipaa |
0505.09m2Organizational.3-09.m |
hipaa-0505.09m2Organizational.3-09.m |
0505.09m2Organizational.3-09.m |
05 Wireless Security |
0505.09m2Organizational.3-09.m 09.06 Network Security Management |
Shared |
n/a |
Quarterly scans are performed to identify unauthorized wireless access points, and appropriate action is taken if any unauthorized access points are discovered. |
|
8 |
| ISO27001-2013 |
A.11.1.6 |
ISO27001-2013_A.11.1.6 |
ISO 27001:2013 A.11.1.6 |
Physical And Environmental Security |
Delivering and loading areas |
Shared |
n/a |
Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access. |
link |
5 |
| ISO27001-2013 |
A.11.2.5 |
ISO27001-2013_A.11.2.5 |
ISO 27001:2013 A.11.2.5 |
Physical And Environmental Security |
Removal of assets |
Shared |
n/a |
Equipment, information or software shall not be taken off-site without prior authorization. |
link |
6 |
| ISO27001-2013 |
A.8.2.3 |
ISO27001-2013_A.8.2.3 |
ISO 27001:2013 A.8.2.3 |
Asset Management |
Handling of assets |
Shared |
n/a |
Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization. |
link |
26 |
| NIST_SP_800-53_R4 |
PE-16 |
NIST_SP_800-53_R4_PE-16 |
NIST SP 800-53 Rev. 4 PE-16 |
Physical And Environmental Protection |
Delivery And Removal |
Shared |
n/a |
The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.
Supplemental Guidance: Effectively enforcing authorizations for entry and exit of information system components may require restricting access to delivery areas and possibly isolating the areas from the information system and media libraries. Related controls: CM-3, MA-2, MA-3, MP-5, SA-12.
References: None. |
link |
2 |
| NIST_SP_800-53_R5 |
PE-16 |
NIST_SP_800-53_R5_PE-16 |
NIST SP 800-53 Rev. 5 PE-16 |
Physical and Environmental Protection |
Delivery and Removal |
Shared |
n/a |
a. Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and
b. Maintain records of the system components. |
link |
2 |