PE-5(2): Access To Output By Individual Identity

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system:

  1. Controls physical access to output from [Assignment: organization-defined output devices]; and
  2. Links individual identity to receipt of the output from the device.

Supplemental Guidance

Controlling physical access to selected output devices includes, for example, installing security functionality on printers, copiers, and facsimile machines that allows organizations to implement authentication (e.g., using a PIN or hardware token) on output devices prior to the release of output to individuals.