PE-06 Monitoring Physical Access

Control: The organization monitors physical access to the information system to detect and respond to physical security incidents.

Supplemental Guidance: The organization reviews physical access logs periodically and investigates apparent security violations or suspicious physical access activities. Response to detected physical security incidents is part of the organization’s incident response capability.

Control Enhancements:

(1) The organization monitors real-time physical intrusion alarms and surveillance equipment.

(2) The organization employs automated mechanisms to recognize potential intrusions and initiate appropriate response actions.

Baseline: LOW: PE-6; MOD: PE-6 (1); HIGH: PE-6 (1) (2)

Family: Physical and Environmental Protection

Class: Operational

ISO 17799 mapping: 9.1.2

COBIT 4.1 mapping: DS12.3

PCI-DSS v2 mapping: 9.1.1