Title

Systems must be physically secured. (Cat II impact)

Discussion

Inadequate physical protection can undermine all other security precautions utilized to protect the system. This can jeopardize the confidentiality, availability, and integrity of the system. Physical security is the first line of protection of any system.

Check Content

Verify user workstations containing sensitive data are in access-controlled areas. Users must maintain control of, and protect, mobile systems. If systems are not adequately protected, this is a finding.

Fix Text

Establish site policy that ensures workstations containing sensitive data are located inside a controlled access area. Establish a policy on protecting mobile systems outside of controlled areas.

Additional Identifiers

Rule ID: SV-48014r1_rule

Vulnerability ID: V-1070

Group Title: Physical security

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.