PE-01-727 Physical and Environmental Protection Policies and Procedures
Physical and Environmental Protection Policies and Procedures
PE-01-727
Physical and Environmental Protection Policies and Procedures
Physical and Environmental Protection
Protect
Physical and Environmental Protection
LOW, MOD, HIGH
P1
Yes
January 29, 2016
Information resource owners are responsible for establishing a physical and environmental protection policy that covers all information resources under their control. Information resource custodians are responsible for developing procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental controls.
Information resource owners shall review their policies and procedures annually to ensure they remain appropriate to the resources under their control.
Unauthorized parties have access to facilities due to security flaws in physical layout.
The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
1. A physical and environmental protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
2. Procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls; and
b. Reviews and updates the current:
1. Physical and environmental protection policy [Assignment: organization-defined frequency]; and
2. Physical and environmental protection procedures [Assignment: organization-defined frequency].
The organization has documented policies and supporting procedures to protect organizational facilities based on their criticality, and has implemented physical access safeguards to appropriate granting, controlling, and monitoring of physical access to organizational facilities.
The state organization head or his or her designated representative(s) shall document and manage physical access to mission critical information resources facilities to ensure the protection of information resources from unlawful or unauthorized access, use, modification or destruction.
Obtain physical and environmental protection policy and procedures and ascertain if : (I)the organization develops and documents physical and environmental protection policy and procedures. (ii)the organization disseminates physical and environmental protection policy and procedures to appropriate elements within the organization. (iii)responsible parties within the organization periodically review physical and environmental protection policy and procedures. (iv)the organization updates physical and environmental protection policy and procedures when organizational review indicates updates are required. (v)the physical and environmental protection policy addresses purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance (vi)the physical and environmental protection policy is consistent with the organization’s mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance. (vii)the physical and environmental protection procedures address all areas identified in the physical and environmental protection policy and address achieving policy-compliant implementations of all associated physical and environmental protection controls.