Control physical access to network cables.


CONTROL ID: 00723
CONTROL TYPE: Process or Activity
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Install and protect network cabling., CC ID: 08624

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • The layout of under-floor cables and the space under the floors may be restricted. (F36.2. ¶ 1(2), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • All patch panels, cable distribution panels, and wiring enclosures should be located in locked spaces to prevent casual access by general users. If cabling is located in public areas, it should be labeled to not attract attention. All cabling should be installed according to the applicable standards… (§ 3.1.25, § 3.8.7, § 3.8.14, § 3.8.27, Australian Government ICT Security Manual (ACSI 33))
  • Verify physical access to Wireless Access Points, handheld devices, telecommunications lines, gateways, networking hardware, and communications hardware is restricted. (Testing Procedures § 9.1.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Physical access to Wireless Access Points, handheld devices, telecommunications lines, gateways, networking hardware, and communications hardware must be restricted. (PCI DSS Requirements § 9.1.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Is physical access to wireless access points, gateways, handheld devices, networking hardware, communications hardware, and telecommunication lines restricted? (PCI DSS Question 9.1.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Is physical access to wireless access points, gateways, handheld devices, networking hardware, communications hardware, and telecommunication lines restricted? (PCI DSS Question 9.1.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Diagnostic ports on network equipment should be protected by access controls (e.g., passwords and physical locks). (CF.09.05.02, The Standard of Good Practice for Information Security)
  • Diagnostic ports on network equipment should be protected by access controls (e.g., passwords and physical locks). (CF.09.05.02, The Standard of Good Practice for Information Security, 2013)
  • Physical Security. An organization should combine the identification of the environment with safeguards which deal with physical protection. The following items may apply to buildings, secure areas, computer rooms and offices. The safeguard selection depends on which part of the building is consider… (¶ 8.1.7(7), ISO 13335-4 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards, 2000)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Restrict physical access to cabling and other nonprogrammable communication components used for connection between applicable Cyber Assets within the same Electronic Security Perimeter in those instances when such cabling and components are located outside of a Physical Security Perimeter. (CIP-006-6 Table R1 Part 1.10 Requirements ¶ 1., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Physical Security of BES Cyber Systems CIP-006-6, Version 6)
  • The organization must disable physical ports when they are not in use. (CSR 2.2.21, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Transmission lines located outside closed areas that carry access authorization, verification, or personal identification data must meet or exceed the Grade A requirements specified by Underwriters Laboratories. Electrical gear and wiring must be accessible only from inside classified areas. If the … (§ 5-313, § 5-314.d, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006)
  • The agency shall control physical access to the distribution cables and transmission cables inside the physically secure location. (§ 5.9.1.4, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Physical access to the medium is controlled by the agency using the requirements in Sections 5.9.1 and 5.12. (§ 5.10.1.2.1 ¶ 1 ¶ 1(2)(c), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall control physical access to information system distribution and transmission lines within the physically secure location. (§ 5.9.1.4 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall control physical access to information system distribution and transmission lines within the physically secure location. (§ 5.9.1.4 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Physical access to the medium is controlled by the agency using the requirements in Sections 5.9.1 and 5.12. (§ 5.10.1.2.1 ¶ 1 ¶ 1 2.c., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Determine whether there are adequate security controls around the telecommunications environment, including: ▪ Controls that limit access to wiring closets, equipment, and cabling to authorized personnel; ▪ Secured telecommunications documentation; ▪ Appropriate telecommunication change contro… (Exam Tier I Obj 8.2, FFIEC IT Examination Handbook - Operations, July 2004)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, FedRAMP Security Controls High Baseline, Version 5)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Precautions should be taken to ensure the cables transmitting information are protected from unauthorized access. (§ 5.6.17.2, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Calls for Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provid… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • (§ 3.10.1, Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996)
  • Organizational records and documents and the facility should be examined to ensure distribution and transmission lines are protected from accidental damage, eavesdropping, disruption, and physical tampering, physical access to the lines are controlled, and specific responsibilities and actions are d… (PE-4, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Cabling design and implementation for the control network should be addressed in the cybersecurity plan. Unshielded twisted pair communications cable, while acceptable for the office environment, is generally not suitable for the plant environment due to its susceptibility to interference from magne… (§ 6.2.11.3 ICS-specific Recommendations and Guidance ¶ 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must control physical access to system transmission and distribution lines inside the facility. (App F § PE-4, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should protect from unauthorized physical connections across boundary protections by implementing an organization-defined list of managed interfaces. (App F § SC-7(14), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization controls physical access to {organizationally documented information system distribution and transmission lines} within organizational facilities using {organizationally documented security safeguards}. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization controls physical access to {organizationally documented information system distribution and transmission lines} within organizational facilities using {organizationally documented security safeguards}. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization controls physical access to {organizationally documented information system distribution and transmission lines} within organizational facilities using {organizationally documented security safeguards}. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Control physical access to [Assignment: organization-defined system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security controls]. (PE-4 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards]. (PE-4 Control, TX-RAMP Security Controls Baseline Level 2)