>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PE-6(4)Monitoring Physical Access | Monitoring Physical Access to Systems

IL4 High
IL5
IL6

>Control Description

Monitor physical access to the system in addition to the physical access monitoring of the facility at organization-defined physical spaces containing one or more components of the system.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Monitoring physical access to systems provides additional monitoring for those areas within facilities where there is a concentration of system components, including server rooms, media storage areas, and communications centers. Physical access monitoring can be coordinated with intrusion detection systems and system monitoring capabilities to provide comprehensive and integrated threat coverage for the organization.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the implementation of monitoring physical access to systems for the organization's facilities?
  • Who is responsible for overseeing and maintaining monitoring physical access to systems controls?
  • How frequently are monitoring physical access to systems controls reviewed and updated?
  • What process exists for granting exceptions to monitoring physical access to systems requirements?
  • How does the organization ensure accountability for monitoring physical access to systems across all facility locations?

Technical Implementation:

  • What technologies or systems technically implement monitoring physical access to systems?
  • How are these systems configured to meet the control requirements?
  • What monitoring or alerting capabilities exist for monitoring physical access to systems?
  • How do monitoring physical access to systems systems integrate with other physical security infrastructure?
  • What redundancy or backup mechanisms support monitoring physical access to systems?

Evidence & Documentation:

  • Provide documented policies and procedures for monitoring physical access to systems.
  • Provide evidence of monitoring physical access to systems implementation and configuration.
  • Provide logs, records, or reports demonstrating monitoring physical access to systems activities over the past 90 days.
  • Provide testing, maintenance, or inspection records for monitoring physical access to systems from the past year.
  • Provide evidence of monitoring physical access to systems reviews, audits, or assessments.

Ask AI

Configure your API key to use AI features.