3.10.2—Physical Protection - Basic
Control Description
Discussion
Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines.
Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern protecting CUI systems from physical damage?
- What procedures address environmental threats (fire, water, etc.)?
- Who is responsible for physical protection controls?
- How often are physical protection controls tested?
- What governance ensures physical protection adequacy?
Technical Implementation:
- What environmental controls protect CUI systems (HVAC, fire suppression)?
- How do you implement physical protection from damage?
- What power conditioning and UPS systems protect equipment?
- How do you monitor environmental conditions?
- What redundancy protects against physical system failures?
Evidence & Documentation:
- Can you show environmental control documentation?
- What evidence demonstrates fire suppression and power protection?
- Can you provide environmental monitoring logs?
- What maintenance records show physical protection system testing?
- What audit findings verify physical damage protection?