Skip to content

Family 3.10 6 requirements

Physical Security.

Walls, doors, badges. And the people inside.

The big picture

Cloud-only ops still need physical security for the offices where CUI is viewed, edited, and discussed.

Theme 1

Authorise and monitor.

3.10.1 — 3.10.2

Limiting physical access to authorised individuals and protecting the support infrastructure.

3.10.1 Lock the Doors. Limit physical access to CUI systems, equipment, and operating environments to authorized individuals. 1 pts
L1

3.10.2 Watch the Building. Protect and monitor the physical facility and support infrastructure — cameras, alarms, environmental controls. 1 pts

Theme 2

Escort and log.

3.10.3 — 3.10.5

Escorting visitors, monitoring activity, and maintaining logs of physical access.

3.10.3 Escort Every Visitor. Visitors escorted and monitored at all times in CUI areas. Sign-in, badges, no exceptions. 1 pts
L1

3.10.4 Log Physical Access. Maintain audit logs of who accessed secured CUI areas and when. 1 pts
L1

3.10.5 Manage Keys and Badges. Inventory and control all physical access devices — keys, badges, cards, combinations. 1 pts
L1

Theme 3

Remote and mobile sites.

3.10.6 only

Enforcing safeguards at alternate work sites — home offices and field locations.

3.10.6 Home Office Security. Define and enforce security safeguards for CUI at alternate work sites — home offices and travel. 1 pts