3.10.6—Physical Protection - Derived
Derived Requirement
>Control Description
Enforce safeguarding measures for CUI at alternate work sites.
>Discussion
Alternate work sites may include government facilities or the private residences of employees. Organizations may define different security requirements for specific alternate work sites or types of sites depending on the work-related activities conducted at those sites. [SP 800-46] and [SP 800-114] provide guidance on enterprise and user security when teleworking.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern controlling physical access to alternate work sites?
- •What procedures define home office or remote work security?
- •Who approves alternative work arrangements involving CUI?
- •How do you ensure alternate work sites meet security requirements?
- •What governance oversees remote work physical security?
Technical Implementation:
- •What physical security requirements apply to alternate work sites?
- •How do you verify security controls at home offices?
- •What technical solutions protect CUI at remote locations?
- •How do you implement secure storage at alternate work sites?
- •What monitoring ensures remote work security compliance?
Evidence & Documentation:
- •Can you provide alternate work site security requirements?
- •What documentation shows remote work site approval?
- •Can you demonstrate remote work security assessments?
- •What attestations or audits verify alternate site security?
- •What evidence confirms alternate work site physical controls?
Ask AI
Configure your API key to use AI features.