This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization controls physical access to [Assignment: organization-defined information system distribution and transmission lines] within organizational facilities using [Assignment: organization-defined security safeguards].
NIST 800-53 (r4) Supplemental Guidance:
Physical security safeguards applied to information system distribution and transmission lines help to prevent accidental damage, disruption, and physical tampering. In addition, physical safeguards may be necessary to help prevent eavesdropping or in transit modification of unencrypted transmissions. Security safeguards to control physical access to system distribution and transmission lines include, for example: (i) locked wiring closets; (ii) disconnected or locked spare jacks; and/or (iii) protection of cabling by conduit or cable trays. Related controls: MP-2, MP-4, PE-2, PE-3, PE-5, SC-7, SC-8.
NIST 800-53 (r5) Discussion:
Security controls applied to system distribution and transmission lines prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Security controls used to control physical access to system distribution and transmission lines include disconnected or locked spare jacks, locked wiring closets, protection of cabling by conduit or cable trays, and wiretapping sensors.
38North Guidance:
Meets Minimum Requirement:
Organizations have a degree of latitude to control physical access to transmission lines.
Define and document the transmission and/or utility lines that require additional safeguarding.
Cover lines with conduit or conceal them in trays to prevent physical access or accidental disruption.
Use locked wiring cabinet(s).
Best Practice:
Bury all incoming transmission and data lines on the exterior of the datacenter.
Conceal all interior transmission and data lines, both primary and redundant.
Avoid running transmission or data lines at ground or wall level, where they might be accessed or inadvertently damaged.
Provide video monitoring of all transmission and data line access points.
Use locked wiring cabinets.
Provide role-based access control to protect keys to cable trays or locked wiring cabinets.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Documentation defining what transmission and data lines require extra physical protection.
Documentation describing additional physical measures used to protect specific transmission and data lines.
Physical inspection of protection measures.
CSP Implementation Tips:
AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited