DCS-10: Surveillance System

Control Family:

Datacenter Security

PF v1.0 References:

Threats Addressed:

Info icon.

Control is new to this version of the control set and incorporates the following items from the previous version: DCS-02: Controlled Access Points, DCS-07: Secure Area Authorization, DCS-08: Unauthorized Persons Entry.

Control Statement

Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts.

Implementation Guidance

Equip external and internal perimeters with security alarm systems and surveillance devices such as movement sensors and cameras. Monitor these perimeters with security personnel. Retain any recordings for a defined period.

Auditing Guidance

  1. Examine the policy relating to data center surveillance.
  2. Determine if the policy includes ingress, egress and external perimeter to detect unauthorized access.
  3. Determine if procedures include activities and actions against unauthorized personnel in the premises.
  4. Review and determine if items identified in surveillance system logs for the premises have been actioned in accordance with policy and procedures.
  5. Determine if logs are maintained and reviewed appropriately.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.