Physical security controls are a key component of limiting unauthorized access to sensitive information and information systems. These controls are important for protecting computer facilities and resources from espionage, sabotage, damage, and theft. They involve restricting physical access to computer resources and sensitive information, usually by limiting access to the buildings and rooms in which the resources are housed and periodically reviewing access rights granted to ensure that access continues to be appropriate based on established criteria.
"Adequate physical security controls over computer resources (e.g., computer facilities, network devices such as routers and firewalls, telecommunications equipment, and transmission lines) should be established that are commensurate with the risks of physical damage or access."
"Physical security controls over the overall facility and areas housing sensitive information technology components include, among other things, policies and practices for granting and discontinuing access authorizations; controlling badges, ID cards, smartcards, and other entry devices; controlling entry during and after normal business hours; and controlling the entry and removal of computer resources (such as equipment and storage media) from the facility. Physical security controls also include environmental controls, such as smoke detectors, fire alarms, extinguishers, uninterruptible power supplies, and redundancy in air cooling systems."
NIST states that federal organizations should implement physical security and environmental safety controls to protect employees and contractors, information systems, and the facilities in which they are located.
- Information Security: National Archives and Records Administration Needs to Implement Key Program Elements and Controls, at 12.
- Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk, at 10.
- Id.
- Id.