---+Physical and Environmental Security
1. Overview
Physical and Environmental Security
| Summary | Standard |
| Physical and Environmental Security | Implement measures to safeguard the environment (premises, data centers, and sensitive designated areas) where important assets are located from attacks, accidents and from environmental threats and hazards. The level of protection from environmental threats should be commensurate with the importance of the asset storage location and the criticality of operations. Safeguard assets both within and outside the entity's premises, ensuring the Confidentiality, Integrity, and Availability (CIA) of these assets. These measures should be determined based on the outcomes of a risk assessment. This also includes practices like maintaining a clean desk and ensuring screens are clear at processing facilities and access to critical ICT assets. Identify and record authorized personnel entering critical locations of the financial entity. Grant physical access rights to critical ICT assets based on need-to-know, least privilege principles, and ad-hoc requirements according to the access management policy. Monitor physical access to premises, data centers, and designated sensitive areas, aligned with asset classification and area criticality. Regularly review and promptly revoke unnecessary physical access rights. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |