Level 1
Description:
Physical access devices include keys, locks, combinations, and card readers.
Priority: High
Domain: PHYSICAL PROTECTION (PE)
Category: Physical Security
Services Associated with AWS:
NA
Services Associated with Azure:
- Azure Security Center
- Azure Key Vault
- Azure Active Directory (Azure AD)
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate how Physical Role Based Access Control (P-RBAC) is implemented
Possible Technology Considerations:
- Physical Access Control (PAC)
What needs to be answered:
Are physical access devices (such as card readers, proximity readers, and locks) maintained and operated per the manufacturer recommendations? Are these devices updated with any changed access control information necessary to prevent unauthorized access? Does the facility/building manager review the location and type of each physical access device and evaluate its suitability for the company’s needs? Are keys, combinations, and other physical access devices secured?
Checks for AWS
- Physical Access Device Control and Management
Description: This check focuses on the control and management of physical access devices used to secure organizational facilities. Physical access devices include keys, locks, combinations, and card readers. Organizations need to establish appropriate controls and processes to effectively control and manage these devices.
Checks for Azure
- Physical Access Device Control and Management
Description: This policy focuses on the control and management of physical access devices used to secure organizational facilities within the Azure environment. Physical access devices may include card readers, proximity readers, and other access control mechanisms. This policy ensures that appropriate controls and processes are established to effectively control and manage these devices in compliance with the organization's security requirements.
- Compliance with Manufacturer Recommendations
Description: This policy check ensures that physical access devices deployed within the Azure environment are maintained and operated per the manufacturer's recommendations. It verifies that any updates or changes to access control information necessary to prevent unauthorized access are promptly applied to the devices.
- Regular Review of Physical Access Devices
Description: This policy check mandates that the facility/building manager regularly reviews the location and type of each physical access device within the Azure environment. The purpose is to evaluate the suitability of each device for the company's current security needs and make adjustments as required.
- Secure Storage of Physical Access Devices
Description: This policy check ensures that keys, combinations, and other physical access devices are properly secured within the Azure environment. It requires that these devices are stored in accordance with the organization's security policies and standards to prevent unauthorized access and potential security breaches.
More Details:
No CUI stored in company facilities. All CUI storage done via AWS services.