The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.

PE-5 (1) Access To Output By Authorized Individuals

Controlling physical access to selected output devices includes, for example, placing printers, copiers, and facsimile machines in controlled areas with keypad access controls or limiting access to individuals with certain types of badges.

The organization:

PE-5 (1)(a)

Controls physical access to output from Assignment: organization-defined output devices; and

PE-5 (1)(b)

Ensures that only authorized individuals receive output from the device.

PE-5 (2) Access To Output By Individual Identity

Controlling physical access to selected output devices includes, for example, installing security functionality on printers, copiers, and facsimile machines that allows organizations to implement authentication (e.g., using a PIN or hardware token) on output devices prior to the release of output to individuals.

The information system:

PE-5 (2)(a)

Controls physical access to output from Assignment: organization-defined output devices; and

PE-5 (2)(b)

Links individual identity to receipt of the output from the device.

PE-5 (3) Marking Output Devices

Outputs devices include, for example, printers, monitors, facsimile machines, scanners, copiers, and audio devices. This control enhancement is generally applicable to information system output devices other than mobiles devices.

The organization marks Assignment: organization-defined information system output devices indicating the appropriate security marking of the information permitted to be output from the device.