Description
The organization authorizes and controls information system-related items entering and exiting the facility and maintains appropriate records of those items.
Supplemental Guidance
The organization controls delivery areas and, if possible, isolates the areas from the information system and media libraries to avoid unauthorized physical access.
Changes from Rev 4
Changes control text by removing 'monitors'
Enhancements
(0) None.
Compliance Mappings
COBIT 2019
DSS01DSS05
SOC 2 TSC
A1.2
CSA CCM v4
DCS-02
CSA AICM v1
DCS-02
BSI IT-Grundschutz
INF.1INF.2
ANSSI
Hygiene.37SecNumCloud.12.2
OSFI B-13
B-13.2.1
EU GDPR
Art.32(1)(b)
RBI CSF
Annex1.1
FISC Security Guidelines
FISC.F3
SAMA CSF
3.9
UAE IA
T6
Qatar NIA
AMPS
BoG CISD
CISD-XIV
FFIEC IS
II.C.13(d)II.C.8
HIPAA Security Rule
ยง164.310(d)(2)(iii)
CMMC 2.0
PE
NERC CIP
CIP-006-6
Lloyd's Minimum Standards
PHYS.1
HITRUST CSF v11
08.b09.f
ISO 17799 (legacy)
9.1.69.2.710.7.1
COBIT 4.1 (legacy)
DS12.2