DE.CM-02: The physical environment is monitored to find potentially adverse events


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Monitor logs from physical access control systems (e.g., badge readers) to find unusual access patterns (e.g., deviations from the norm) and failed access attempts

Ex2: Review and monitor physical access records (e.g., from visitor registration, sign-in sheets)

Ex3: Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) for signs of tampering

Ex4: Monitor the physical environment using alarm systems, cameras, and security guards

1st: 1st Party Risk