Technology Standard

 


Facilities Security - Physical Security

Version: 1.0
Status: Approved: 02/21/07
Contact: Director, Technology Services


PURPOSE

Physical Security refers to those practices, technologies, and/or services used to ensure safeguards are applied to protect systems, services, buildings, and related supporting infrastructure against threats associated with their physical environment.


SCOPE

In accordance with the COV ITRM 501-01 each agency must establish physical security safeguards to provide a first line of defense for information resources against physical damage, physical theft, unauthorized disclosure of information, loss of control over system integrity, and interruption to computer services.


APPLICABILITY

This standard is applicable to the System Office and all Colleges.


STANDARD

The standards developed in this document define the minimum requirements and recommendations for safeguarding information resources residing in static facilities (such as buildings), mobile facilities (such as computers mounted in buildings), and portable facilities (such as mobile command centers) based on the risks related to geographic location, including natural threats (such as flooding), man-made threats (such as burglary or civil disorders), and threats from nearby activities (such as toxic chemical processing or electromagnetic interference). The standards will be reviewed as necessary to reflect changes in the use of technology, State and Federal Laws and State Policies, and Directives.

Requirement:

Mission critical system facilities must be located in a secure location that is restricted to authorized personnel only and must be secured in a manner that controls access by unauthorized personnel.

Requirement:

Access to critical computer hardware, wiring, displays, and networks must be controlled by the principle of least privilege (i.e. only up to the level needed to perform one’s duties).

Requirement:

Provide a system of monitoring and auditing physical access to critical and sensitive computer hardware, wiring, displays, and networks (e.g. badges, cameras, access logs).

Requirement:

Develop physical safeguards that provide appropriate levels of support facilities such as electric power, heating, and air-conditioning required by the IT resources.

Recommendation:

Consider physical attributes in developing physical security for facilities housing systems, services, and infrastructure. Examples include:

  • Physical Access
      • Use locked cabinets
      • Secure machines to non-moveable furniture
  • Power and Electricity
      • Uninterruptible Power Supply (UPS)
      • Emergency generator
  • Climate and Environment
      • Allow sufficient air flow
      • Guard against extreme heat or cold
      • Install heating and cooling systems with air filters to protect against dust
      • Install a monitoring system that notifies you of severe changes in the environment
  • Fire Safety
      • Install smoke detectors near critical equipment
      • Ensure adequate fire extinguishers are near critical equipment and that all personnel are properly trained.
  • Water
      • Install water sensors
      • Control humidity
  • Emergency Evacuation
      • Have an evacuation plan clearly outlined and displayed and all personnel properly trained in the implementation of the plan.
  • Structure, Doors/Windows, Perimeter
      • Ensure raised floors or dropped ceilings do not provide access to secured areas.