One of the most important, but overlooked part of security by organizations is physical security. Maintaining strong physical security is necessary to ensure your assets and data remain safe and secure.
This agency guide is a comprehensive treatment on the control and management of physical access devices. The guide addresses cost-effectiveness, performance-measurement, and the planning and managing of physical security resources. Section 5.4 is a short section that addresses Operation and Maintenance of Physical Security Resources. This entry summarizes some of the preventive and detective controls for physical security and discusses some minimum physical security requirements. This link provides a sample policy checklist designed to examine compliance with Federal regulations that have not changed since that time. This standard speaks to EPHI data, but it can be adapted to other regulated data like CUI (see Section 4 – Maintenance Records). This article describes how proper physical security provides additional protection people, devices, and data. This article discusses why a comprehensive IT security policy isn’t enough if you want to sleep easy…you’re also going to need a thorough physical security policy. This user guide provides information and recommended procedures for establishing key and lock programs. This policy provides a comprehensive example demonstrating how to protect the privacy and security of sensitive information and prevent the unauthorized use or misuse of data through the control and use of physical access devices (see Section PE-3). This abstract, derived from the book "Developing Cybersecurity Programs and Policies, 3rd Edition", provides guidance on how to develop and implement physical controls through policy and practice. This SANS whitepaper provides a broad overview of the importance of physical security as it intersects with cybersecurity. This article provides insight into protecting the physical infrastructure and describes five key areas where physical security controls need to be in place. This example policy from the State of Michigan provides guidance for personnel for the protection of Criminal Justice Information (CJI). This video give a brief introduction to various physical security control methods that can be deployed in your environment.
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.