PE: Physical and Environmental Protection
Controls
PE-1: Policy and Procedures
Baseline(s):
- Low
- Moderate
- High
Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: [Assignment (one or more): organization-level, mission/business process-level, system-level] physical and environmental protection policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate…
PE-2: Physical Access Authorizations
Baseline(s):
- Low
- Moderate
- High
Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides; Issue authorization credentials for facility access; Review the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and Remove individuals from the facility access list when access is no longer required.
PE-3: Physical Access Control
Baseline(s):
- Low
- Moderate
- High
Enforce physical access authorizations at [Assignment: organization-defined entry and exit points to the facility where the system resides] by: Verifying individual access authorizations before granting access to the facility; and Controlling ingress and egress to the facility using [Assignment (one or more): [Assignment: organization-defined physical access control systems or devices], guards]; Maintain physical access…
PE-4: Access Control for Transmission
Baseline(s):
- Moderate
- High
Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls].
PE-5: Access Control for Output Devices
Baseline(s):
- Moderate
- High
Control physical access to output from [Assignment: organization-defined output devices] to prevent unauthorized individuals from obtaining the output.
PE-6: Monitoring Physical Access
Baseline(s):
- Low
- Moderate
- High
Monitor physical access to the facility where the system resides to detect and respond to physical security incidents; Review physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]; and Coordinate results of reviews and investigations with the organizational incident response capability.
PE-8: Visitor Access Records
Baseline(s):
- Low
- Moderate
- High
Maintain visitor access records to the facility where the system resides for [Assignment: organization-defined time period]; Review visitor access records [Assignment: organization-defined frequency]; and Report anomalies in visitor access records to [Assignment: organization-defined personnel].
PE-9: Power Equipment and Cabling
Baseline(s):
- Moderate
- High
Protect power equipment and power cabling for the system from damage and destruction.
PE-10: Emergency Shutoff
Baseline(s):
- Moderate
- High
Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; Place emergency shutoff switches or devices in [Assignment: organization-defined location by system or system component] to facilitate access for authorized personnel; and Protect emergency power shutoff capability from unauthorized activation.
PE-11: Emergency Power
Baseline(s):
- Moderate
- High
Provide an uninterruptible power supply to facilitate [Assignment (one or more): an orderly shutdown of the system, transition of the system to long-term alternate power] in the event of a primary power source loss.
PE-12: Emergency Lighting
Baseline(s):
- Low
- Moderate
- High
Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.
PE-13: Fire Protection
Baseline(s):
- Low
- Moderate
- High
Employ and maintain fire detection and suppression systems that are supported by an independent energy source.
PE-14: Environmental Controls
Baseline(s):
- Low
- Moderate
- High
Maintain [Assignment (one or more): temperature, humidity, pressure, radiation, [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and Monitor environmental control levels [Assignment: organization-defined frequency].
PE-15: Water Damage Protection
Baseline(s):
- Low
- Moderate
- High
Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.
PE-16: Delivery and Removal
Baseline(s):
- Low
- Moderate
- High
Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and Maintain records of the system components.
PE-17: Alternate Work Site
Baseline(s):
- Moderate
- High
Determine and document the [Assignment: organization-defined alternate work sites] allowed for use by employees; Employ the following controls at alternate work sites: [Assignment: organization-defined controls]; Assess the effectiveness of controls at alternate work sites; and Provide a means for employees to communicate with information security and privacy personnel in case of incidents.
PE-18: Location of System Components
Baseline(s):
- High
Position system components within the facility to minimize potential damage from [Assignment: organization-defined physical and environmental hazards] and to minimize the opportunity for unauthorized access.
PE-19: Information Leakage
Baseline(s):
Protect the system from information leakage due to electromagnetic signals emanations.
PE-20: Asset Monitoring and Tracking
Baseline(s):
Employ [Assignment: organization-defined asset location technologies] to track and monitor the location and movement of [Assignment: organization-defined assets] within [Assignment: organization-defined controlled areas].
PE-21: Electromagnetic Pulse Protection
Baseline(s):
Employ [Assignment: organization-defined protective measures] against electromagnetic pulse damage for [Assignment: organization-defined systems and system components].
PE-22: Component Marking
Baseline(s):
Mark [Assignment: organization-defined system hardware components] indicating the impact level or classification level of the information permitted to be processed, stored, or transmitted by the hardware component.
PE-23: Facility Location
Baseline(s):
Plan the location or site of the facility where the system resides considering physical and environmental hazards; and For existing facilities, consider the physical and environmental hazards in the organizational risk management strategy.