graphgrc

ISO 27002 - A.7 - Physical controls

A.7.1

Physical security perimeters

Security perimeters shall be defined and used to protect areas that contain information and other associated assets.

Mapped SCF controls

A.7.2

Physical entry

Secure areas shall be protected by appropriate entry controls and access points.

Mapped SCF controls

A.7.3

Securing offices, rooms and facilities

Physical security for offices, rooms and facilities shall be designed and implemented.

Mapped SCF controls

A.7.4

Physical security monitoring

Premises shall be continuously monitored for unauthorized physical access.

Mapped SCF controls

A.7.5

Protecting against physical and environmental threats

Protection against physical and environmental threats, such as natural disasters and other intentional or unintentional physical threats to infrastructure, shall be designed and implemented.

Mapped SCF controls

A.7.6

Working in secure areas

Security measures for working in secure areas shall be designed and implemented.

Mapped SCF controls

A.7.7

Clear desk and clear screen

Clear desk rules for papers and removable storage media and clear screen rules for information processing facilities shall be defined and appropriately enforced.

Mapped SCF controls

A.7.8

Equipment siting and protection

Equipment shall be sited securely and protected.

Mapped SCF controls

A.7.9

Security of assets off-premises

Off-site assets shall be protected.

Mapped SCF controls

A.7.10

Storage media

Storage media shall be managed through their life cycle of acquisition, use, transportation and disposal in accordance with the organization’s classification scheme and handling requirements.

Mapped SCF controls

A.7.11

Supporting utilities

Information processing facilities shall be protected from power failures and other disruptions caused by failures in supporting utilities.

Mapped SCF controls

A.7.12

Cabling security

Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.

Mapped SCF controls

A.7.13

Equipment maintenance

Equipment shall be maintained correctly to ensure availability, integrity and confidentiality of information.

Mapped SCF controls

A.7.14

Secure disposal or re-use of equipment

Items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.

Mapped SCF controls