Prohibit signage indicating computer room location and uses.


CONTROL ID
06343
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Design the Information Technology facility with consideration given to natural disasters and man-made disasters., CC ID: 00712

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Physical security measures should be in place to protect computer facilities and equipment from damage or unauthorized access. Critical information processing facilities should be housed in secure areas such as data centres and network equipment rooms with appropriate security barriers and entry con… (3.6.1, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • F6: The organization should not install a signboard or billboard outside indicating the existence/ location of its computer center. F24: In order to prevent unauthorized entry, secrecy breaches, and vandalism, the organization shall not place signs indicating which rooms are computer and data storag… (F6, F24, F83, F104, F123, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • To prevent damage resulting from acts by outsiders such as trespassing and vandalism, it is recommended not to install a billboard or signboard outside indicating the existence or location of a computer center. (F6.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Also, in shared buildings, it is recommended not to install an indication or sign with which people can easily identify a place where computers and related facilities are installed. Refer to [F24]. (F6.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To prevent unauthorized entry, vandalism, and leakage of confidential information, it is necessary to avoid posting any informational signs indicating the names of computer and data storage rooms within the building of a computer center. (F24.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to ensure that power rooms and air-conditioner rooms are not provided with any guide plates, to protect against intrusion, vandalism, etc. In addition, to allow firefighters to identify the positions of power supply room and air-conditioner room, the layout drawings of power supply r… (F54.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In the head offices and branch offices, it is recommended that the server-installed locations be kept unidentifiable, in order to ensure security against unauthorized access, vandalism, and leakage of official secrets. (F123.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Do the physical security and environmental controls present in the building / data centers prohibit signage indicating computer room location and uses? (§ F.1.2.1, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • The areas that house critical Information Technology systems must not be designated as restricted areas. (§ 5.3 ¶ V0007198, DISA Access Control STIG, Version 2, Release 3)