UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Physical Security Program - Physical Security Plan Development and Implementation with Consideration of Information Systems Assets


Overview

Finding ID Version Rule ID IA Controls Severity
V-32482 PH-01.03.01 SV-42819r2_rule PECF-1 PECF-2 PEPF-1 PEPF-2 PESP-1 PESS-1 Low
Description
Failure to have a physical security program will result in an increased risk to DoD Information Systems; including personnel, equipment, material and documents.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-40923r2_chk )
Checks:

1. Check to ensure there is a Physical Security Plan, either an organizational/site OR a base/installation security plan in which the the site is considered.

NOTE 1: If it is a higher level installation or base plan ensure it addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a local (site/organization) plan is specifically required.

2. Check to ensure security requirements of the computer room(s) and open storage areas are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.

3. Check to ensure the plan also addresses entry/access control procedures for the facility overall and for specific/individual computer rooms or other areas housing network equipment (routers/crypto/switches, etc.).

4. Check to ensure that access control procedures and requirements for various categories of persons expected to access the facility (such as employees, visitors, vendors, facility maintenance, and foreign nationals) are covered.

NOTE 2: To be complete the plan should specifically address access control of vendors (ie., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).

5. Finally check to ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.

NOTE 3: If the plan or any of the critical elements of the plan (everything mentioned here) applicable to the specific site are missing this should be written as a finding.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) should be in place. Not applicable to a field/mobile environment.
Fix Text (F-36407r1_fix)
Fixes:

1. Ensure there is a Physical Security Plan, either an organizational/site OR a base/installation security plan in which the the site is considered.

NOTE 1: If it is a higher level installation or base plan ensure it addresses security concerns/procedures for the inspected organization or site. Ideally, a local site or organization should always be included in the host installation security plan. If not, then a local (site/organization) plan is specifically required.

2. Ensure security requirements of the computer room(s) and open storage areas are addressed and that guidance is provided to counter threats during peacetime, transition to war, and in wartime.

3. Ensure the plan also addresses entry/access control procedures for the facility overall and for specific/individual computer rooms or other areas housing network equipment (routers/crypto/switches, etc.).

4. Ensure that access control procedures and requirements for various categories of persons expected to access the facility (such as employees, visitors, vendors, facility maintenance, and foreign nationals) are covered.

NOTE 2: To be complete the plan should specifically address access control of vendors (ie., vending machine deliveries), cleaning and food service personnel, cleared versus uncleared visitors, foreign national (FN) visitors, FN employees (OCONUS SOFA, liaison, exchange and REL partners).

5. Finally, ensure the plan addresses security measures and response (Emergency Planning Measures) to include application of Force Protection Conditions, anti-terrorism planning and measures, civil disturbances, natural disasters, crime and any other possible local disruptions of the mission. A thorough plan will include measures designed to detect, delay, assess and respond to intrusions and other emergency situations.