PE-18 Location Of Information System Components

Control: The organization positions information system components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access.

Supplemental Guidance: Physical and environmental hazards include, for example, flooding, fire, tornados, earthquakes, hurricanes, acts of terrorism, vandalism, electrical interference, and electromagnetic radiation. Whenever possible, the organization also considers the location or site of the facility with regard to physical and environmental hazards.

Control Enhancements: (1) The organization plans the location or site of the facility where the information system resides with regard to physical and environmental hazards and for existing facilities, considers the physical and environmental hazards in its risk mitigation strategy.

Baseline: LOW Not Selected MOD PE-18 HIGH PE-18 (1)

Family: Physical And Environmental Protection

Class: Operational

ISO 17799 mapping: 9.2.1

COBIT 4.1 mapping: DS12.1

PCI-DSS v2 mapping: None.