DCS-07: Controlled Access Points

Control Family:

Datacenter Security

CSF v1.1 References:

PF v1.0 References:

Info icon.

Control is new to this version of the control set and incorporates the following items from the previous version: DCS-02: Controlled Access Points, DCS-08: Unauthorized Persons Entry.

Control Statement

Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas.

Implementation Guidance

Physical security perimeters should be restricted to authorized personnel only. They may include (but are not limited to): fences, walls, barriers, guards, gates, external boundary protection, bollards, fencing, guard dogs, armed guards, physical authentication mechanisms, reception desks, and security patrols.

Auditing Guidance

  1. Examine the policy relating to physical security perimeters.
  2. Examine the lists of types of areas in the organization, and the classification of each.
  3. Determine if there are appropriate physical security barriers and if monitoring exists between areas.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.