PE: Physical And Environmental Protection

Controls

PE-1: Physical And Environmental Protection Policy And Procedures

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: A physical and environmental protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls; and Reviews and…

PE-2: Physical Access Authorizations

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides; Issues authorization credentials for facility access; Reviews the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and Removes individuals from the facility access list when access is no longer required.

PE-3: Physical Access Control

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Enforces physical access authorizations at [Assignment: organization-defined entry/exit points to the facility where the information system resides] by: Verifying individual access authorizations before granting access to the facility; and Controlling ingress/egress to the facility using [Selection (one or more): [Assignment: organization-defined physical access control systems/devices]; guards]; Maintains physical access audit logs for [Assignment:…

PE-4: Access Control For Transmission Medium

Baseline(s):

  • Moderate
  • High

The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards].

PE-5: Access Control For Output Devices

Baseline(s):

  • Moderate
  • High

The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.

PE-6: Monitoring Physical Access

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Monitors physical access to the facility where the information system resides to detect and respond to physical security incidents; Reviews physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]; and Coordinates results of reviews and investigations with the organizational incident response capability.

PE-8: Visitor Access Records

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Maintains visitor access records to the facility where the information system resides for [Assignment: organization-defined time period]; and Reviews visitor access records [Assignment: organization-defined frequency].

PE-9: Power Equipment And Cabling

Baseline(s):

  • Moderate
  • High

The organization protects power equipment and power cabling for the information system from damage and destruction.

PE-10: Emergency Shutoff

Baseline(s):

  • Moderate
  • High

The organization: Provides the capability of shutting off power to the information system or individual system components in emergency situations; Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and Protects emergency power shutoff capability from unauthorized activation.

PE-11: Emergency Power

Baseline(s):

  • Moderate
  • High

The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss.

PE-12: Emergency Lighting

Baseline(s):

  • Low
  • Moderate
  • High

The organization employs and maintains automatic emergency lighting for the information system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.

PE-13: Fire Protection

Baseline(s):

  • Low
  • Moderate
  • High

The organization employs and maintains fire suppression and detection devices/systems for the information system that are supported by an independent energy source.

PE-14: Temperature And Humidity Controls

Baseline(s):

  • Low
  • Moderate
  • High

The organization: Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and Monitors temperature and humidity levels [Assignment: organization-defined frequency].

PE-15: Water Damage Protection

Baseline(s):

  • Low
  • Moderate
  • High

The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.

PE-16: Delivery And Removal

Baseline(s):

  • Low
  • Moderate
  • High

The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.

PE-17: Alternate Work Site

Baseline(s):

  • Moderate
  • High

The organization: Employs [Assignment: organization-defined security controls] at alternate work sites; Assesses as feasible, the effectiveness of security controls at alternate work sites; and Provides a means for employees to communicate with information security personnel in case of security incidents or problems.

PE-18: Location Of Information System Components

Baseline(s):

  • High

The organization positions information system components within the facility to minimize potential damage from [Assignment: organization-defined physical and environmental hazards] and to minimize the opportunity for unauthorized access.

PE-19: Information Leakage

Baseline(s):

(Not part of any baseline)

The organization protects the information system from information leakage due to electromagnetic signals emanations.

PE-20: Asset Monitoring And Tracking

Baseline(s):

(Not part of any baseline)

The organization: Employs [Assignment: organization-defined asset location technologies] to track and monitor the location and movement of [Assignment: organization-defined assets] within [Assignment: organization-defined controlled areas]; and Ensures that asset location technologies are employed in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance.