Log physical access to the facility.

UCF ID: 01641

Control Type: Process or Activity

Status: Live

Supporting and supported controls

This control directly supports:

Ensure all facilities are physically secured. [UCF Control ID 00711]

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Retail Payment Systems, March 2004, Pg 33, Exam Tier II Obj 3.1; North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards, CIP-006-1 R4

Banking and Finance Guidance

The organization should implement physical security controls to document who has accessed the facility. [Pg 33, Exam Tier II Obj 3.1, FFIEC IT Examination Handbook – Retail Payment Systems, March 2004]

Energy Guidance

Logging shall record sufficient information to uniquely identify individuals and the time of access twenty-four hours a day, seven days a week. The Responsible Entity shall implement and document the technical and procedural mechanisms for logging physical entry at all access points to the Physical Security Perimeter(s) using one or more of the following logging methods or their equivalent:
• Computerized Logging: Electronic logs produced by the Responsible Entity’s selected access control and monitoring method.
• Video Recording: Electronic capture of video images of sufficient quality to determine identity.
• Manual Logging: A log book or sign-in sheet, or other record of physical access maintained by security or other personnel authorized to control and monitor physical access as specified in Requirement R2.3. [CIP-006-1 R4, North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards]