Status: Live
The organization will develop, disseminate, and review: 1) a formal process to manage the IT facilities that addresses purpose, scope, and compliance; and 2) formal procedures to facilitate implementing the process. [UCF ID 00710]
Supporting and supported controls
This control directly supports:
- Physical and environmental protection [UCF Control ID 00709]
This control has the following supporting controls:
- Physical security of facilities [UCF Control ID 00711]
- Low profile of the IT site [UCF Control ID 00712]
- Visitor controls [UCF Control ID 01329]
- Manage employee identification within the facility [UCF Control ID 02215]
Authority documents complied with:
Protection of Assets Manual, ASIS International, Pg 13-I-18; Aviation and Transportation Security Act, Public Law 107 Released-71, November 2001, November 2001, § 103; NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 2-100, § 2-108; CobiT 4.1, DS12.5; OGC ITIL: Security Management, § 4.2.3.2; Archer Control Table, ATCS-475, ATCS-773
US Federal Security Guidance
During a strike, the number of entrances to the facility should be kept to the minimum number required for the organization's operations. [Pg 13-I-18, Protection of Assets Manual, ASIS International]
Each United States airport must establish a Federal Security Manager position to oversee the screening of passengers and property. [§ 103, Aviation and Transportation Security Act, Public Law 107 Released-71, November 2001, November 2001]
All facilities eligible to possess classified material must be granted a Facility Clearance. If the organization consists of multiple sites, the home office must have a Facility Clearance at the same level or higher than any of the satellite facilities. [§ 2-100, § 2-108, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]
ITIL Guidance
[§ 4.2.3.2, OGC ITIL: Security Management]
General Guidance
The organization should manage facilities, including power and communications equipment, in line with laws and regulations, technical and business requirements, vendor specifications, and health and safety guidelines. [DS12.5, CobiT 4.1]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
