Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
physical and
enironmental
protection
pe
PE-1
Physical and
environmental
protection policy
and procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented physical and
environmental protection policy
that addresses purpose, scope,
roles, responsibilities,
management commitment,
coordination among
organizational entities, and
compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the physical and environmental
protection policy and associated
physical and environmental
protection controls.
PE-2
Physical access
authorizations
The organization develops and
keeps current a list of personnel
with authorized access to the
facility where the information
system resides (except for those
areas within the facility officially
designated as publicly accessible)
and issues appropriate
authorization credentials.
Designated officials within the
organization review and approve
the access list and authorization
credentials [assignment:
organization-defined frequency,
at least annually].
