PE-18 Location Of Information System Components

Physical and Environmental Protection

Low Moderate High

Description

The organization positions information system components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access.

Supplemental Guidance

Physical and environmental hazards include, for example, flooding, fire, tornados, earthquakes, hurricanes, acts of terrorism, vandalism, electrical interference, and electromagnetic radiation. Whenever possible, the organization also considers the location or site of the facility with regard to physical and environmental hazards.

Enhancements

(1) The organization plans the location or site of the facility where the information system resides with regard to physical and environmental hazards and for existing facilities, considers the physical and environmental hazards in its risk mitigation strategy.

Compliance Mappings

ISO 27001:2022

A.7.8

ISO 27002:2022

7.3, 7.8

COBIT 2019

DSS01, DSS05

SOC 2 TSC

A1.2

CSA CCM v4

DCS-15

CSA AICM v1

DCS-15

ISO 42001:2023

A.4.5

BSI IT-Grundschutz

INF.1, INF.2

ANSSI

Hygiene.37, Hygiene.38, SecNumCloud.12.1

FINMA Circular 2023/1

IV.A(28), IV.D(81)

OSFI B-13

B-13.2.6

BIO2

7.3, 7.8

RBI CSF

Annex1.3, ITGRCA.18

FISC Security Guidelines

FISC.F1

HKMA TM-E-1

TME1.5.1

MLPS 2.0

8.1.1.1

SAMA CSF

3.7

NCA ECC

1-11

UAE IA

T6

CBB TM

TM-10

Qatar NIA

PS

CBE CSF

CTO-10

SA JS2

JS2-PE

BoG CISD

CISD-XIV

BoM CTRM

3.5

IOSCO Cyber Resilience

PROT-5

FFIEC IS

II.C.8

HIPAA Security Rule

§164.310(a)(1), §164.310(b)

ECB CROE

CROE.2.3.6

EBA ICT Guidelines

3.4.3

SEBI CSCRF

PR.PE

BOT Cyber Resilience

Ch2.8

CMMC 2.0

PE

NERC CIP

CIP-006-6

PCI PTS v6

D

PCI HSM

7

Solvency II

EIOPA-ICT-4.5

Lloyd's Minimum Standards

PHYS.1

HITRUST CSF v11

08.a

ISO 27799

11.1, 11.2

OWASP MASVS v2.1

MASVS-PLATFORM-3

CCSS v9.0

1.03.4

Basel SCO60

SCO60.64

ISO 17799 (legacy)

9.2.1

COBIT 4.1 (legacy)

DS12.1