Navigate

PE-3(2)

PE-3(2): Facility and Systems

Perform security checks [the frequency at which to perform security checks at the physical perimeter of the facility or system for exfiltration of information or removal of system components is defined;] at the physical perimeter of the facility or system for exfiltration of information or removal of system components.

Supplemental

Organizations determine the extent, frequency, and/or randomness of security checks to adequately mitigate risk associated with exfiltration.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
CDS - Access, CDS - Multilevel, CDS - Transfer, Classified, DAF Baseline, Int-A, Int-B, Int-C, NC3

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to PE-3(2).

Control	Description
AC-4	Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [information flow control policies within the system and between connected systems are defined;].
SC-7	a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system; b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

Control

Description

AC-4

Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [information flow control policies within the system and between connected systems are defined;].

SC-7

a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and

c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

Enhancements

The controls below (if any) add on to the requirements of PE-3(2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to PE-3(2).

CCI	Definition
CCI-000929	Perform security checks in accordance with organization-defined frequency at the physical boundary of the facility or system for unauthorized exfiltration of information or removal of system components.
CCI-002927	Defines the frequency with which to perform security checks at the physical boundary of the facility or system for exfiltration of information or removal of system components.