Back

Secure workstations to desks with security cables.


CONTROL ID
04724
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain end user computing device security guidelines., CC ID: 00719

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization shall use cables or other means to secure devices and keep them in locked racks. (O57.2(3), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Computers and computerized devices used for ICS functions (such as PLC programming) should never be allowed to leave the ICS area. Laptops, portable engineering workstations and handhelds (e.g., 375 HART communicator) should be tightly secured and should never be allowed to be used outside the ICS n… (§ 6.2.11.2 ICS-specific Recommendations and Guidance ¶ 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Consider procedures such as cabling PCs to desks. (Part I ¶ 5, California OPP Recommended Practices on Notification of Security Breach, May 2008)