PE-02 Physical Access Authorizations

Physical and Environmental Protection

Baselines: Low, Moderate, High

Description

The organization develops and keeps current a list of personnel with authorized access to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible) and issues appropriate authorization credentials. Designated officials within the organization review and approve the access list and authorization credentials [Assignment: organization-defined frequency, at least annually].

Supplemental Guidance

Appropriate authorization credentials include, for example, badges, identification cards, and smart cards. The organization promptly removes from the access list personnel no longer requiring access to the facility where the information system resides.

Enhancements

(0) None.

Compliance Mappings

ISO 27001:2022

A.7.2, A.7.6

ISO 27002:2022

7.2, 7.6

COBIT 2019

DSS01, DSS05

NIST CSF 2.0

PR.AA-06

SOC 2 TSC

CC6.4

PCI DSS v4.0.1

9.2, 9.3

CSA CCM v4

DCS-03, DCS-09

CSA AICM v1

DCS-03, DCS-09

BSI IT-Grundschutz

INF.1, INF.2

ANSSI

Hygiene.37, SecNumCloud.12.2

FINMA Circular 2023/1

IV.B.d(59)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(b)

EU DORA

Art.9(1)

BIO2

7.2, 7.6

RBI CSF

Annex1.3, ITGRCA.18

FISC Security Guidelines

FISC.F1

LGPD + BCB 4893

LGPD.Art.46

HKMA TM-E-1

TME1.11.1, TME1.5.1

MLPS 2.0

8.1.1.2, 8.1.10.1, 8.1.8.3

DNB Good Practice

DNB.21.1, DNB.21.2, DNB.8.5

SWIFT CSCF

SWIFT.3.1

SAMA CSF

3.7

NCA ECC

1-11

UAE IA

T6

CBB TM

TM-10

Qatar NIA

HRPS

CBE CSF

CTO-10

SA JS2

JS2-PE

CBN CSF

Part10

BoG CISD

CISD-XIV

POPIA

s19

BoM CTRM

3.5

IOSCO Cyber Resilience

PROT-5

CPMI-IOSCO PFMI

CG.PR, PFMI.P17

FFIEC IS

II.C.8

HIPAA Security Rule

§164.310(a)(1), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(c)

ECB CROE

CROE.2.3.6

EBA ICT Guidelines

3.4.3

SEBI CSCRF

PR.PE

BOT Cyber Resilience

Ch2.8

CMMC 2.0

PE

NERC CIP

CIP-006-6

10 CFR 73.54

RG5.71-B-PE

API 1164

Sec 14

AWIA

AWWA Sec 3

IAEA NSS 17-T

Sec 10

PCI HSM

6

ISAE 3402

Clause 4

Solvency II

EIOPA-ICT-4.5

Lloyd's Minimum Standards

PHYS.1

NAIC Insurance Data Security

4B

PRA SS1/23

P-IT.3

HITRUST CSF v11

02.c, 08.a

ISO 27799

11.1

CCSS v9.0

1.01.1, 1.01.7, 1.03.6

Basel SCO60

SCO60.61, SCO60.62, SCO60.63, SCO60.64, SCO60.65

BSSC Standards

NOS-09

SEC Custody (Digital Assets)

SEC-CD-02, SEC-CD-06, SEC-CD-08, SEC-CD-16

ISO 17799 (legacy)

9.1.2, 9.1.6

COBIT 4.1 (legacy)

DS12.3