Information resource owners with responsibility over data processing facilities shall authorize and maintain an inventory of all information resources entering and exiting facilities under their control.
Unauthorized parties gain physical access to critical or sensitive information processing facilities due to inadequate physical security policies and standards.
The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.
The organization has assessed whether physical security to sensitive areas (e.g., data center, server room, student or patient records room, etc.) can be circumvented.
The state organization authorizes, monitors, and controls system components entering and exiting data processing facilities and maintains records of those items.
Obtain physical and environmental protection policy; procedures addressing delivery and removal of information system components from the facility; facility housing the information system; records of items entering and exiting the facility; other relevant documents or records and ascertain if:
(I)the organization authorizes and controls information system-related items (i.e., hardware, firmware, software) entering and exiting the facility.
(ii)the organization maintains appropriate records of items entering and exiting the facility.
