Physical facility security controls are essential for effective cybersecurity and export compliance programs. A facility’s threat matrix covers not only human-centered activities but also environmental effects such as flooding and earthquakes. It also includes factors that support a facility, such as electrical power and HVAC. NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook, provides guidelines for the protection of computer systems.
NIST Special Publication 800-12
This National Institute of Standards and Technology (NIST) publication was created to assist organizations in addressing the security of computer-based resources (hardware, software, and information). It is an overview of applicable security controls for federal government and private sector organizations having sensitive systems. The handbook contains management controls, operational controls, and technical controls.
Physical and Environmental Security
Security threats to computer systems include:
- Interruption in provision of computing services.
- Physical damage.
- Unauthorized disclosure of information.
- Loss of system integrity.
- Physical theft.
Physical and Environmental Security Controls
Physical Access
The first control to address these issues is physical access. This issue is addressed in all cybersecurity and export compliance security provisions. In this publication, physical access applies not only to access to equipment and media but also extends to interconnect and power wiring. Evaluation of implemented physical barriers is stressed, as is the implementation of intrusion detection technologies.
Fire Safety
Fire safety assessments are essential for facility security. These assessments should not only evaluate the effectiveness of fire detection and suppression systems but should also identify potential ignition and fuel sources. Operation and maintenance protocols should include minimizing the accumulation of fire fuel sources.
Supporting Utilities
Supporting utilities can include HVAC, electric power distribution, water, sewage, and other utilities. Attention should be focused on the potential risks that a malfunction of any of these poses to data security, integrity, and availability.
Interception of Data
Interception of data can occur by a number of methods:
- Direct observation.
- Data transmission interception.
- Electromagnetic interception.
Controls for the prevention of interception can include physical access controls, password and encryption protocols, and TEMPEST shielding.
Mobile and Portable Systems
Systems that can be removed from a facility have an increased risk of damage and theft. A variety of physical and procedural controls should be considered to address the specific concerns of an organization. Additionally, specified levels of encryption should be utilized to protect media.
Visitor Badges and Visitor Sign-in Registers
Visitor badges provide a visual identification of visitors to your facility. They give notice to personnel of requirements for access restriction and help ensure that visitors are accompanied at all times by credentialed personnel. Visitor Sign-In Registers provide a logging mechanism for visitors granted access to premises and notify visitors of security requirements upon signing in.
Facility Security Signs
Facility Security Signs inform visitors and remind personnel of defined controlled areas where export regulated articles, Controlled Unclassified Information (CUI), or sensitive information are present. These signs are an integral part of a comprehensive facility security program.
CVG Strategy Access Control Signs, Badges, and Visitor Logs
CVG Strategy’s Signs & Badges Store has a variety of signs, badges, and visitor logs to help your organization meet its physical and environmental security requirements. These offerings provide solutions for both export compliance and cybersecurity.
CVG Strategy also offers a wide array of EZ-Test Plan Templates for product test and evaluation that meet the requirements of MIL-STD-810, MIL-STD-461, MIL-STD-1275, MIL-STD-704, and others. Each environmental test plan is compliant with MIL-STD-810 Task 405. EMI/EMC test plans are compliant with MIL-STD-461 per DI-EMCS-80201.
CVG Strategy – Consultants and Advisors
CVG Strategy specializes in assisting companies of all sizes in services and support in Quality Management Systems, Test and Evaluation, Export Compliance, and Cybersecurity. We provide these services to a wide variety of U.S. and international customers.