| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
PE-6(1) |
FedRAMP_High_R4_PE-6(1) |
FedRAMP High PE-6 (1) |
Physical And Environmental Protection |
Intrusion Alarms / Surveillance Equipment |
Shared |
n/a |
The organization monitors physical intrusion alarms and surveillance equipment. |
link |
2 |
| FedRAMP_Moderate_R4 |
PE-6(1) |
FedRAMP_Moderate_R4_PE-6(1) |
FedRAMP Moderate PE-6 (1) |
Physical And Environmental Protection |
Intrusion Alarms / Surveillance Equipment |
Shared |
n/a |
The organization monitors physical intrusion alarms and surveillance equipment. |
link |
2 |
| hipaa |
0505.09m2Organizational.3-09.m |
hipaa-0505.09m2Organizational.3-09.m |
0505.09m2Organizational.3-09.m |
05 Wireless Security |
0505.09m2Organizational.3-09.m 09.06 Network Security Management |
Shared |
n/a |
Quarterly scans are performed to identify unauthorized wireless access points, and appropriate action is taken if any unauthorized access points are discovered. |
|
8 |
| hipaa |
1331.02e3Organizational.4-02.e |
hipaa-1331.02e3Organizational.4-02.e |
1331.02e3Organizational.4-02.e |
13 Education, Training and Awareness |
1331.02e3Organizational.4-02.e 02.03 During Employment |
Shared |
n/a |
The organization trains workforce members on how to properly respond to perimeter security alarms. |
|
6 |
| hipaa |
1812.08b3Organizational.46-08.b |
hipaa-1812.08b3Organizational.46-08.b |
1812.08b3Organizational.46-08.b |
18 Physical & Environmental Security |
1812.08b3Organizational.46-08.b 08.01 Secure Areas |
Shared |
n/a |
Intrusion detection systems (e.g., alarms and surveillance equipment) are installed on all external doors and accessible windows, the systems are monitored, and incidents/alarms are investigated. |
|
3 |
| hipaa |
1813.08b3Organizational.56-08.b |
hipaa-1813.08b3Organizational.56-08.b |
1813.08b3Organizational.56-08.b |
18 Physical & Environmental Security |
1813.08b3Organizational.56-08.b 08.01 Secure Areas |
Shared |
n/a |
The organization actively monitors unoccupied areas at all times and sensitive and/or restricted areas in real time as appropriate for the area. |
|
4 |
| hipaa |
18145.08b3Organizational.7-08.b |
hipaa-18145.08b3Organizational.7-08.b |
18145.08b3Organizational.7-08.b |
18 Physical & Environmental Security |
18145.08b3Organizational.7-08.b 08.01 Secure Areas |
Shared |
n/a |
The organization regularly tests alarms to ensure proper operation. |
|
2 |
| hipaa |
18146.08b3Organizational.8-08.b |
hipaa-18146.08b3Organizational.8-08.b |
18146.08b3Organizational.8-08.b |
18 Physical & Environmental Security |
18146.08b3Organizational.8-08.b 08.01 Secure Areas |
Shared |
n/a |
The organization maintains an electronic log of alarm system events and regularly reviews the logs, no less than monthly. |
|
4 |
| hipaa |
1816.08d2Organizational.4-08.d |
hipaa-1816.08d2Organizational.4-08.d |
1816.08d2Organizational.4-08.d |
18 Physical & Environmental Security |
1816.08d2Organizational.4-08.d 08.01 Secure Areas |
Shared |
n/a |
Any security threats presented by neighboring premises are identified. |
|
4 |
| ISO27001-2013 |
A.11.1.1 |
ISO27001-2013_A.11.1.1 |
ISO 27001:2013 A.11.1.1 |
Physical And Environmental Security |
Physical security perimeter |
Shared |
n/a |
Security perimeters shall be defined and used to protect areas that contain either sensitive or critical information and information processing facilities. |
link |
8 |
| ISO27001-2013 |
A.11.1.6 |
ISO27001-2013_A.11.1.6 |
ISO 27001:2013 A.11.1.6 |
Physical And Environmental Security |
Delivering and loading areas |
Shared |
n/a |
Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access. |
link |
5 |
| NIST_SP_800-171_R2_3 |
.10.2 |
NIST_SP_800-171_R2_3.10.2 |
NIST SP 800-171 R2 3.10.2 |
Physical Protection |
Protect and monitor the physical facility and support infrastructure for organizational systems. |
Shared |
Microsoft is responsible for implementing this requirement. |
Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors. |
link |
2 |
| NIST_SP_800-53_R4 |
PE-6(1) |
NIST_SP_800-53_R4_PE-6(1) |
NIST SP 800-53 Rev. 4 PE-6 (1) |
Physical And Environmental Protection |
Intrusion Alarms / Surveillance Equipment |
Shared |
n/a |
The organization monitors physical intrusion alarms and surveillance equipment. |
link |
2 |
| NIST_SP_800-53_R5 |
PE-6(1) |
NIST_SP_800-53_R5_PE-6(1) |
NIST SP 800-53 Rev. 5 PE-6 (1) |
Physical and Environmental Protection |
Intrusion Alarms and Surveillance Equipment |
Shared |
n/a |
Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment. |
link |
2 |
| SWIFT_CSCF_v2022 |
3.1 |
SWIFT_CSCF_v2022_3.1 |
SWIFT CSCF v2022 3.1 |
3. Physically Secure the Environment |
Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. |
Shared |
n/a |
Physical security controls are in place to protect access to sensitive equipment, hosting sites, and storage. |
link |
8 |