SS-08-015 Facilities Security

Issue Date: 3/31/2008

Effective Date: 3/31/2008

Review Date: 7/1/2018

PURPOSE

To ensure that agencies take appropriate measures to safeguard the physical perimeter and facilities that house state information resources from unauthorized access, damage or environmental threats.

STANDARD

All agencies shall identify the perimeter of facilities, conduct a risk analysis and implement appropriate facilities hardening measures to prevent and detect unauthorized access, damage, or environmental hazards to facilities or areas that contain State information resources.

Facilities housing sensitive State information resources (data processing centers), shall prevent external visual and audio observation and the walls shall be extended from true floor to true ceiling. (This height will prevent unauthorized entry and minimize environmental contamination such as that caused by fires and floods.)

Appropriate control mechanisms or procedures shall be applied to prevent and alert to unauthorized entry attempts into non-public facilities and offices.  Access to areas within facilities that house sensitive or critical State information resources shall have additional controls that restrict and monitor access into these areas to authorized persons only.

All facilities shall have a documented emergency plan for evacuation and protection of assets.  Employees shall be aware of their roles and responsibilities outlined in the plan.

Physical facilities shall comply with all local building codes for structural stability and safety.

REFERENCES

NIST SP800-12 Information Security Handbook (Ch 15)

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Physical and Environmental Security (PS-08-013)

Computer Operations Center Security (SS-08-016)