Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors.

Priority: Medium

Category: Physical Security 

Services Associated with AWS:   

  • AWS Identity and Access Management (IAM), AWS GuardDuty, AWS CloudTrail (for monitoring access events) 

Objective Evidence:   

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how Physical Role Based Access Control (P-RBAC) is implemented
  • Administrative: supporting documentation to demonstrate visitor management practices
  • Administrative: supporting documentation to demonstrate physical security practices

Possible Technology Considerations:

  • Physical Access Control (PAC) 

What needs to be answered:

Has the facility/building manager reviewed the location and type of physical security in use and evaluated its suitability for the company’s needs? Is physical access monitored to detect and respond to physical security incidents?

  • Physical Facility and Support Infrastructure Protection and Monitoring
    Description: This check ensures that the physical facility and support infrastructure for organizational systems are protected and monitored to prevent unauthorized access, damage, disruption, tampering, and eavesdropping. Security controls are applied to both publicly accessible areas within the facility and the support infrastructure, including distribution, transmission, and power lines.

More Details:   

No CUI stored in company facilities. All CUI storage done via AWS services.