UCF STIG Viewer Logo

PEPS-1 Physical Security Testing


Overview

A facility penetration testing process is in place that includes periodic, unannounced attempts to penetrate key computing facilities.

MAC / CONF Impact Subject Area
CLASSIFIED
SENSITIVE
Low Physical and Environmental

Details

Threat
All documents, equipment, and machine-readable media are at risk from unauthorized personnel, access, copying and illegal distribution, if penetration testing to computing facilities are not performed.

Guidance
1. A facility penetration testing process shall be in place.
2. Periodic, unannounced attempts to penetrate key computing facilities shall take place.
3. Results to periodic, unannounced attempts to penetrate key computing facilities shall be documented and shared with authorized security management and personnel.
4. Review of the results to the periodic, unannounced attempts to penetrate key computing facilities shall take place within one week of each test to determine if any changes are required to correct deficiencies in facility security.

References

    N/A