PE-6

PE-6 MONITORING PHYSICAL ACCESS

Overview

Number	Title	Impact	Priority	Subject Area
PE-6	Monitoring Physical Access	LOW	P1	Physical And Environmental Protection

Instructions
The organization: PE-6a. Monitors physical access to the facility where the information system resides to detect and respond to physical security incidents; PE-6b. Reviews physical access logs Assignment: organization-defined frequency and upon occurrence of Assignment: organization-defined events or potential indications of events; and PE-6c. Coordinates results of reviews and investigations with the organizational incident response capability.

Instructions

The organization:

PE-6a.

Monitors physical access to the facility where the information system resides to detect and respond to physical security incidents;

PE-6b.

Reviews physical access logs Assignment: organization-defined frequency and upon occurrence of Assignment: organization-defined events or potential indications of events; and

PE-6c.

Coordinates results of reviews and investigations with the organizational incident response capability.

Guidance
Organizational incident response capabilities include investigations of and responses to detected physical security incidents. Security incidents include, for example, apparent security violations or suspicious physical access activities. Suspicious physical access activities include, for example: (i) accesses outside of normal work hours; (ii) repeated accesses to areas not normally accessed; (iii) accesses for unusual lengths of time; and (iv) out-of-sequence accesses.

Guidance

Organizational incident response capabilities include investigations of and responses to detected physical security incidents. Security incidents include, for example, apparent security violations or suspicious physical access activities. Suspicious physical access activities include, for example: (i) accesses outside of normal work hours; (ii) repeated accesses to areas not normally accessed; (iii) accesses for unusual lengths of time; and (iv) out-of-sequence accesses.

Enhancements

PE-6 (1) Intrusion Alarms / Surveillance Equipment

MODERATE

The organization monitors physical intrusion alarms and surveillance equipment.

PE-6 (2) Automated Intrusion Recognition / Responses

The organization employs automated mechanisms to recognize Assignment: organization-defined classes/types of intrusions and initiate Assignment: organization-defined response actions.

PE-6 (3) Video Surveillance

This control enhancement focuses on recording surveillance video for purposes of subsequent review, if circumstances so warrant (e.g., a break-in detected by other means). It does not require monitoring surveillance video although organizations may choose to do so. Note that there may be legal considerations when performing and retaining video surveillance, especially if such surveillance is in a public location.

The organization employs video surveillance of Assignment: organization-defined operational areas and retains video recordings for Assignment: organization-defined time period.

PE-6 (4) Monitoring Physical Access To Information Systems

HIGH

This control enhancement provides additional monitoring for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, communications centers).

The organization monitors physical access to the information system in addition to the physical access monitoring of the facility as Assignment: organization-defined physical spaces containing one or more components of the information system.