Back

Establish, implement, and maintain proper container security.


CONTROL ID
02208
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a physical security program., CC ID: 11757

This Control has the following implementation support Control(s):
  • Inspect the physical integrity of all containers before loading the containers., CC ID: 02209
  • Lock closable storage containers., CC ID: 06307


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Server rooms, communications rooms, security containers and secure rooms are not left in unsecured states. (Control: ISM-0813; Revision: 4, Australian Government Information Security Manual, June 2023)
  • Server rooms, communications rooms, security containers and secure rooms are not left in unsecured states. (Control: ISM-0813; Revision: 4, Australian Government Information Security Manual, September 2023)
  • The packaging and containers that hold records should withstand the handling and pressure of the contents, should not damage the stored records, and special protective packaging may be justified to provide additional protection from deterioration. (§ 4.3.7.2 ¶ 1(c), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • When scoped data is sent or received via physical media, is the data placed in transport containers to protect against physical damage? (§ G.14.6, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Security containers are made of metal, are lockable, and have been tested to resist penetration. To maintain integrity, strict control of the keys is mandatory and only 2 keys should exist, and for combinations, only individuals with a need shall have the combination. The following are considered se… (§ 4.2.4.2, CMS Business Partners Systems Security Manual, Rev. 10)
  • Classified storage containers must have a three position, changeable combination lock that meets federal specification ff-l-2740. (§ 3.5.1 ¶ 2, DISA Access Control STIG, Version 2, Release 3)
  • Procedures must be in place at the point of container loading to protect against the presence unauthorized material and/or persons. A high security seal that meets or exceeds the PAS ISO 17712 standards must be affixed to all loaded containers bound for the U.S. (Container Security, Customs-Trade Partnership Against Terrorism (C-TPAT) Importer Security Criteria)
  • The agency shall designate an area, room, or storage container as a controlled area for daily access or storage of criminal justice information, if the agency cannot meet the requirements for a physically secure location and has an operational need for accessing or storing criminal justice informati… (§ 5.9.2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)