Back

Control the removal of assets through physical entry points and physical exit points.


CONTROL ID
11681
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Protect distributed assets against theft., CC ID: 06799

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Facilities that store classified information must maintain a system to prevent or detect the introduction and removal of classified information from the facility without proper authority. Personnel who have a need to transport and/or remove classified material from the facility must have the appropr… (§ 5-103, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006)
  • Standard: Device and media controls. Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility. (§ 164.310(d)(1), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • The agency shall authorize and control information system-related items entering and exiting the physically secure location. (§ 5.9.1.8 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall authorize and control information system-related items entering and exiting the physically secure location. (§ 5.9.1.8 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The organization authorizes, monitors, and controls [FedRAMP Assignment: all information system components] entering and exiting the facility and maintains records of those items. (PE-16 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization authorizes, monitors, and controls [FedRAMP Assignment: all information system components] entering and exiting the facility and maintains records of those items. (PE-16 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization authorizes, monitors, and controls [FedRAMP Assignment: all information system components] entering and exiting the facility and maintains records of those items. (PE-16 Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Authorize and control [FedRAMP Assignment: all information system components] entering and exiting the facility; and (PE-16a., FedRAMP Security Controls High Baseline, Version 5)
  • Authorize and control [FedRAMP Assignment: all information system components] entering and exiting the facility; and (PE-16a., FedRAMP Security Controls Low Baseline, Version 5)
  • Authorize and control [FedRAMP Assignment: all information system components] entering and exiting the facility; and (PE-16a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components. (PE-3(2) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components. (PE-3(2) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control: Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization performs security checks [Assignment: organization-defined frequency] at the physical boundary of the facility or information system for unauthorized exfiltration of information or removal of information system components. (PE-3(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components. (PE-3(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components. (PE-3(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Authorize and control [Assignment: organization-defined types of system components] entering and exiting the facility; and (PE-16a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control:, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • The organization authorizes, monitors, and controls [TX-RAMP Assignment: all information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, TX-RAMP Security Controls Baseline Level 1)
  • The organization authorizes, monitors, and controls [TX-RAMP Assignment: all information system components] entering and exiting the facility and maintains records of those items. (PE-16 Control, TX-RAMP Security Controls Baseline Level 2)