PE-02 Physical Access Authorizations

Control: The organization develops and keeps current a list of personnel with authorized access to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible) and issues appropriate authorization credentials. Designated officials within the organization review and approve the access list and authorization credentials [Assignment: organization-defined frequency, at least annually].

Supplemental Guidance: Appropriate authorization credentials include, for example, badges, identification cards, and smart cards. The organization promptly removes from the access list personnel no longer requiring access to the facility where the information system resides.

Control Enhancements: (0) None.

Baseline: LOW PE-2; MOD PE-2; HIGH PE-2

Family: Physical And Environmental Protection

Class: Operational

ISO 17799 mapping: 9.1.2, 9.1.6

COBIT 4.1 mapping: DS12.3

PCI-DSS v2 mapping: 9.1