Physical access devices include keys, locks, combinations, and card readers. 

Priority: High   

Category: Physical Security 

Services Associated with AWS:   


Objective Evidence:   

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how Physical Role Based Access Control (P-RBAC) is implemented 

Possible Technology Considerations : 

  • Physical Access Control (PAC) 

What needs to be answered :  

Are physical access devices (such as card readers, proximity readers, and locks) maintained and operated per the manufacturer recommendations? Are these devices updated with any changed access control information necessary to prevent unauthorized access? Does the facility/building manager review the location and type of each physical access device and evaluate its suitability for the company’s needs? Are keys, combinations, and other physical access devices secured? 

  • Physical Access Device Control and Management
    Description: This check focuses on the control and management of physical access devices used to secure organizational facilities. Physical access devices include keys, locks, combinations, and card readers. Organizations need to establish appropriate controls and processes to effectively control and manage these devices.

More Details:   

No CUI stored in company facilities. All CUI storage done via AWS services.