Appropriate physical safeguards have not been established to protect sensitive documents and/or output devices.
The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.
Information system processing areas are secured and limited to personnel based on roles/responsibilities.
No statewide control
Obtain physical and environmental protection policy; procedures addressing access control for display medium; facility layout of information system components; actual displays from information system components; other relevant documents or records and ascertain if the organization controls physical access to information system devices that display information to prevent unauthorized individuals from observing the display output.