
PE-18 Location of System Components

High

>Control Description

Position system components within the facility to minimize potential damage from organization-defined physical and environmental hazards and to minimize the opportunity for unauthorized access.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Physical and environmental hazards include floods, fires, tornadoes, earthquakes, hurricanes, terrorism, vandalism, an electromagnetic pulse, electrical interference, and other forms of incoming electromagnetic radiation. Organizations consider the location of entry points where unauthorized individuals, while not being granted access, might nonetheless be near systems. Such proximity can increase the risk of unauthorized access to organizational communications using wireless packet sniffers or microphones, or unauthorized disclosure of information.

>Cross-Framework Mappings

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the location and construction of the facility housing information systems?
  • How does the organization assess location-based threats when selecting or evaluating facilities?
  • What is the process for implementing physical barriers and security zones based on location risks?
  • How are facility location risks incorporated into overall organizational risk assessments?
  • What governance exists for managing and mitigating location-based threats?

Technical Implementation:

  • What physical barriers and access controls are implemented based on facility location?
  • How is the facility perimeter secured and monitored?
  • What specific controls address location-based threats identified in risk assessments?
  • How are vehicle barriers, fencing, and other physical controls configured?
  • What intrusion detection systems protect the facility perimeter?

Evidence & Documentation:

  • Provide facility location risk assessment documentation.
  • Provide evidence of location-based threat mitigation measures.
  • Provide documentation of physical barriers and perimeter security controls.
  • Provide records showing consideration of location risks in facility selection.
