
SO-04 Provisioning Physical Access

>Control Description

Physical access provisioning to an Organization datacenter requires management approval and documented specification of:

• account type (e.g., standard, visitor, or vendor)
• access privileges granted
• intended business purpose
• visitor identification method, if applicable
• temporary badge issued, if applicable
• access start date
• access duration

Theme

Process

Type

Preventive

Policy/Standard

Physical and Environmental Security Policy

>Implementation Guidance

1. Ensure all physical access to organization data centers has management approval and documentation.
2. Ensure physical access is granted after appropriate approvals.

>Testing Procedure

1. Inspect the physical security system workflow to determine whether requests for physical access required management approval and required documented specification of:
   • Account type (e.g., visitor, vendor, or regular).
   • Access privileges granted.
   • Intended business purpose.
   • Visitor identification method, if applicable.
   • Temporary badge issued, if applicable.
   • Access start date.
   • Access duration.
2. Inspect physical access request documentation for a sample of new physical access requests to the Organization-owned data center and data rooms to determine whether access is approved.

>Audit Artifacts

E-SO-08
E-SO-09

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
