>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SO-11Physical Access Devices

>Control Description

Physical access devices (i.e., keys, combinations, access cards, etc.) are maintained through an inventory and restricted to authorized individuals. Appropriate devices are rotated when compromised or upon employee termination or transfer.

Theme

Process

Type

Preventive

Policy/Standard

Physical and Environmental Security Policy

>Implementation Guidance

1. Ensure inventory of physical access devices is maintained. 2. Ensure access to inventory is limited to authorized personnel. 3. Ensure rotation of physical access devices when compromised, or employee termination or transfer.

>Testing Procedure

1 Inspect the list of physical access devices. 2 Inspect the list of individuals who has an access to physical devices. 3 Inspect whether physical access devices were rotated when compromised or upon employee termination or transfer.

>Audit Artifacts

E-SO-15
E-SO-16
E-SO-17

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

FedRAMP Rev 5
1

PE-03

PCI DSS
3

9.2.2
9.2.3
9.2.4

TX-RAMP
1

PE-3

Ask AI

Configure your API key to use AI features.