search:
               

Status: Live

The organization will develop, disseminate, and review: 1) a formal process to manage the IT facilities that address purpose, scope, and compliance; and 2) formal procedures to facilitate implementing the process. [UCF ID 00710]

Supporting and supported controls

This control directly supports:

• Physical and environmental protection [UCF Control ID 00709]

This control has the following supporting controls:

• Physical security of facilities [UCF Control ID 00711]
• Low profile of the IT site [UCF Control ID 00712]
• Visitor controls [UCF Control ID 01329]
• Manage employee identification within the facility [UCF Control ID 02215]

Authority documents complied with:

Protection of Assets Manual, ASIS International, Pg 13-I-18; Aviation and Transportation Security Act, Public Law 107 Released-71, November 2001, November 2001, § 103; NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 2-100, § 2-108; CobiT 4.1, DS12.5; OGC ITIL: Security Management, § 4.2.3.2; Archer Control Table, ATCS-475, ATCS-773

US Federal Security Guidance

During a strike, the number of entrances to the facility should be kept to the minimum number required for the organization's operations. [Pg 13-I-18, Protection of Assets Manual, ASIS International]

Each United States airport must establish a Federal Security Manager position to oversee the screening of passengers and property. [§ 103, Aviation and Transportation Security Act, Public Law 107 Released-71, November 2001, November 2001]

All facilities eligible to possess classified material must be granted a Facility Clearance. If the organization consists of multiple sites, the home office must have a Facility Clearance at the same level or higher than any of the satellite facilities. [§ 2-100, § 2-108, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]

ITIL Guidance

[§ 4.2.3.2, OGC ITIL: Security Management]

General Guidance

The organization should manage facilities, including power and communications equipment, in line with laws and regulations, technical and business requirements, vendor specifications, and health and safety guidelines. [DS12.5, CobiT 4.1]

Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.