CMMC Practice PE.L1-3.10.1

Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

Bold Coast Security Guidance

Evaluate the placement of all your computers, servers, and network equipment. They should be in secured or securable areas. You will need to identify the users or roles that can access these areas in your policies or procedures. The organization should restrict access to the non-public areas of the building. Furthermore, not all employees need access to servers and network equipment, and there may be a subset of workstations that only a few employees should access. Your organization may need to budget time or money to move equipment to secured server rooms, or to purchase enclosures and lockable racks for your servers and network equipment, such as your firewalls and routers. It is not unusual to find network switches in open areas of larger manufacturing facilities. These switches must be secured from unauthorized access by placing them in locked closets or inside a small, lockable rack. Network servers should always be placed in a secured area, ideally with electronic locks that automatically record entry to the area and can enforce time-of-day restrictions. Also consider placing cameras in locations that record physical entry to secured areas. If no separate data center or server room exists in your facility, a lockable rack that is monitored by video would be appropriate.
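The electronic-lock records and time-of-day restrictions recommended above are only useful if someone reviews them. The following is an added example, not part of the CMMC text or Bold Coast Security's guidance, showing one way to check badge-reader entries against an authorized-role list per secured area and an allowed-hours window; the log format, area names, roles, badge numbers and the 07:00 to 19:00 window are all constructed assumptions.

```python
# Added example: review electronic-lock entry records for secured areas.
# Log format, areas, roles, badge numbers and hours are constructed assumptions.
from datetime import datetime, time

# Which roles may enter which secured area (assumed policy).
AUTHORIZED_ROLES = {
    "SERVER_ROOM": {"it_admin", "network_admin"},
    "NETWORK_CLOSET": {"it_admin", "network_admin", "facilities"},
}
# Time-of-day window the electronic lock is expected to enforce (assumed policy).
ALLOWED_WINDOW = (time(7, 0), time(19, 0))

# Constructed sample of badge-reader entries: timestamp,area,badge,role,result
SAMPLE_LOG = """\
2024-03-04T08:12:00,SERVER_ROOM,1042,it_admin,GRANTED
2024-03-04T02:17:00,SERVER_ROOM,1042,it_admin,GRANTED
2024-03-04T10:30:00,SERVER_ROOM,2210,facilities,GRANTED
2024-03-04T11:05:00,NETWORK_CLOSET,2210,facilities,GRANTED
2024-03-04T11:40:00,SERVER_ROOM,3301,sales,DENIED
"""

def parse_entry(line):
    """Split one comma-separated badge-reader record into a dict."""
    ts, area, badge, role, result = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "area": area,
            "badge": badge, "role": role, "result": result}

def review_entries(log_text, roles=AUTHORIZED_ROLES, window=ALLOWED_WINDOW):
    """Return (badge, area, reason) for every granted entry that violates policy."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        if e["result"] != "GRANTED":
            continue  # denied attempts are recorded by the lock but are not a granted violation
        if e["role"] not in roles.get(e["area"], set()):
            findings.append((e["badge"], e["area"], "role not authorized for area"))
        if not (window[0] <= e["ts"].time() <= window[1]):
            findings.append((e["badge"], e["area"], "entry outside allowed hours"))
    return findings

if __name__ == "__main__":
    for badge, area, reason in review_entries(SAMPLE_LOG):
        print(f"badge {badge} in {area}: {reason}")
```

Run against the sample, it flags the 02:17 server-room entry as outside allowed hours and the facilities badge as not authorized for the server room.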

Discussion From Source

DRAFT NIST SP 800-171 R2: This requirement applies to employees, individuals with permanent physical access authorization credentials, and visitors. Authorized individuals have credentials that include badges, identification cards, and smart cards. Organizations determine the strength of authorization credentials needed consistent with applicable laws, directives, policies, regulations, standards, procedures, and guidelines. This requirement applies only to areas within facilities that have not been designated as publicly accessible. Limiting physical access to equipment may include placing equipment in locked rooms or other secured areas and allowing access to authorized individuals only, and placing equipment in locations that can be monitored by organizational personnel. Computing devices, external disk drives, networking devices, monitors, printers, copiers, scanners, facsimile machines, and audio devices are examples of equipment.

References