PE-16—Delivery and Removal
IL4 Mod
IL4 High
IL5
IL6
>Control Description
a
Authorize and control ⚙organization-defined types of system components entering and exiting the facility; and
b
Maintain records of the system components.
>DoD Impact Level Requirements
FedRAMP Parameter Values
PE-16 (a) [all information system components]
>Discussion
Enforcing authorizations for entry and exit of system components may require restricting access to delivery areas and isolating the areas from the system and media libraries.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the delivery and removal of information system components and media?
- •How does the organization authorize and track deliveries to and removals from the facility?
- •What is the process for inspecting incoming shipments to prevent unauthorized items?
- •How are delivery personnel screened and escorted within the facility?
- •What governance exists for investigating unauthorized or suspicious deliveries?
Technical Implementation:
- •What systems track deliveries and removals (loading dock systems, shipping logs)?
- •How are incoming items inspected for unauthorized components?
- •What technical controls restrict access to delivery and loading areas?
- •How are delivery manifests verified against actual contents?
- •What scanning or detection equipment is used for incoming deliveries?
Evidence & Documentation:
- •Provide delivery and removal authorization procedures and forms.
- •Provide delivery logs and inspection records from the past quarter.
- •Provide evidence of incoming shipment screening and validation.
- •Provide documentation of loading dock access controls and monitoring.
- •Provide records of any unauthorized or suspicious delivery incidents.
Ask AI
Configure your API key to use AI features.