Status: Live
The organization will report on the percentage of servers in locations with controlled physical access. [UCF ID 02067]
Metric guidance
Calculation: The calculation for this metric is # of servers in locations with controlled physical access / # of servers.
Calculation source: No authority document source of information exists. The following formula was used: the number of servers that are located in facilities, rooms, cabinets, or spaces with some form of controlled physical access divided by the number of servers listed in the hardware inventory for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Physical security of facilities [UCF Control ID 00711]
• Establish and maintain physical security of distributed IT assets [UCF Control ID 00718]
• Physically protect managed network hardware in locked rooms or cabinets [UCF Control ID 01873]
Supporting and supported controls
This control directly supports:
- • Establish and maintain a physical environment metrics program [UCF Control ID 02063]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE15.4; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of servers in locations with controlled physical access. [ISPE15.4, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of servers in locations with controlled physical access. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.