Physical Protection of Unclassified Key System Devices/Computer Rooms in Large Processing Facilities

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32580	PH-03.02.01	SV-42917r2_rule	PECF-1 PECF-2	Medium

Description
Allowing access to systems processing sensitive information by personnel without the need-to-know could permit loss, destruction of data or equipment or a denial of service. Loss could be accidental damage or intentional theft or sabotage.

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( C-41025r2_chk )
Checks: 1. Check to ensure that Unclassified system assests (servers, DASD, tape drives, hubs, etc.) are protected in separate locked/access controlled rooms or closets. NOTE 1: This potential VUL concerns protection of "ONLY UNCLASSIFIED" System and Network Devices. NOTE 2: While not required; the ideal situation with larger computer systems is to locate all major system components within "raised floor" computer rooms. Regardless of the location the key factor in determining acceptable compliance is if the equipment is accessible only to properly vetted persons who require unescorted access to the equipment for performance of duties. NOTE 3: While not preferred, if space and/or size of the Information Systems (IS) assets do not allow for being housed in a separate room or closet they may be maintained in locked Information System (IS) cabinets that preclude ease of access by unauthorized individuals. 2. Check to ensure that properly managed access control systems, mechanical access devices, or keyed locks are being used to control access to these rooms, closets or cabinets. NOTE 4: If keyed locks are used check to ensure that proper key control procedures are in place. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Check Text ( C-41025r2_chk )

Checks:

1. Check to ensure that Unclassified system assests (servers, DASD, tape drives, hubs, etc.) are protected in separate locked/access controlled rooms or closets.

NOTE 1: This potential VUL concerns protection of "ONLY UNCLASSIFIED" System and Network Devices.

NOTE 2: While not required; the ideal situation with larger computer systems is to locate all major system components within "raised floor" computer rooms. Regardless of the location the key factor in determining acceptable compliance is if the equipment is accessible only to properly vetted persons who require unescorted access to the equipment for performance of duties.

NOTE 3: While not preferred, if space and/or size of the Information Systems (IS) assets do not allow for being housed in a separate room or closet they may be maintained in locked Information System (IS) cabinets that preclude ease of access by unauthorized individuals.

2. Check to ensure that properly managed access control systems, mechanical access devices, or keyed locks are being used to control access to these rooms, closets or cabinets.

NOTE 4: If keyed locks are used check to ensure that proper key control procedures are in place.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments. Not applicable to a field/mobile environment.

Fix Text (F-36507r1_fix)
Fixes: 1. Ensure that Unclassified system assests (servers, DASD, tape drives, hubs, etc.) are protected in separate locked/access controlled rooms or closets. NOTE 1: This potential VUL concerns protection of "ONLY UNCLASSIFIED" System and Network Devices. NOTE 2: While not required; the ideal situation with larger computer systems is to locate all major system components within "raised floor" computer rooms. Regardless of the location the key factor in determining acceptable compliance is if the equipment is accessible only to properly vetted persons who require unescorted access to the equipment for performance of duties. NOTE 3: While not preferred, if space and/or size of the Information Systems (IS) assets do not allow for being housed in a separate room or closet they may be maintained in locked Information System (IS) cabinets that preclude ease of access by unauthorized individuals. 2. Ensure that properly managed access control systems, mechanical access devices, or keyed locks are being used to control access to these rooms, closets or cabinets. NOTE 4: If keyed locks are used, ensure that proper key control procedures are in place.

Fix Text (F-36507r1_fix)

Fixes:

1. Ensure that Unclassified system assests (servers, DASD, tape drives, hubs, etc.) are protected in separate locked/access controlled rooms or closets.

NOTE 1: This potential VUL concerns protection of "ONLY UNCLASSIFIED" System and Network Devices.

NOTE 2: While not required; the ideal situation with larger computer systems is to locate all major system components within "raised floor" computer rooms. Regardless of the location the key factor in determining acceptable compliance is if the equipment is accessible only to properly vetted persons who require unescorted access to the equipment for performance of duties.

NOTE 3: While not preferred, if space and/or size of the Information Systems (IS) assets do not allow for being housed in a separate room or closet they may be maintained in locked Information System (IS) cabinets that preclude ease of access by unauthorized individuals.

2. Ensure that properly managed access control systems, mechanical access devices, or keyed locks are being used to control access to these rooms, closets or cabinets.

NOTE 4: If keyed locks are used, ensure that proper key control procedures are in place.