Physical security perimeters
Security perimeters shall be defined and used to protect areas that contain information and other associated assets.
Physical entry
Secure areas shall be protected by appropriate entry controls and access points.
Securing offices, rooms and facilities
Physical security for offices, rooms and facilities shall be designed and implemented.
Physical security monitoring
Premises shall be continuously monitored for unauthorized physical access.
Protecting against physical and environmental threats
Protection against physical and environmental threats, such as natural disasters and other intentional or unintentional physical threats to infrastructure shall be designed and implemented.
Working in secure areas
Security measures for working in secure areas shall be designed and implemented.
Clear desk and clear screen
Clear desk rules for papers and removable storage media and clear screen rules for information processing facilities shall be defined and appropriately enforced.
Equipment siting and protection
Equipment shall be sited securely and protected.
Security of assets off-premises
Off-site assets shall be protected.
Storage media
Storage media shall be managed through their life cycle of acquisition, use, transportation and disposal in accordance with the organization’s classification scheme and handling requirements.
Supporting utilities
Information processing facilities shall be protected from power failures and other disruptions caused by failures in supporting utilities.
Cabling security
Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.
Equipment maintenance
Equipment shall be maintained correctly to ensure availability, integrity and confidentiality of information.
Secure disposal or re-use of equipment
Items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.