Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization monitors physical intrusion alarms and surveillance equipment.
NIST 800-53 (r5) Discussion
Physical intrusion alarms can be employed to alert security personnel when unauthorized access to the facility is attempted. Alarm systems work in conjunction with physical barriers, physical access control systems, and security guards by triggering a response when these other forms of security have been compromised or breached. Physical intrusion alarms can include different types of sensor devices, such as motion sensors, contact sensors, and broken glass sensors. Surveillance equipment includes video cameras installed at strategic locations throughout the facility.
38North Guidance:
Meets Minimum Requirement:
Uses alarms that alert personnel in the event of unauthorized access or access attempts.
Sufficient video cameras installed to monitor access.
Alarms and cameras are monitored, either onsite or remotely.
Best Practice:
24x7x365 monitoring of alarms and video feeds.
Auditory and visual (e.g. flashing lights) alarms.
Posted notices declaring that alarms will sound in the event of unauthorized access.
Combining motion sensors with video feeds to alert monitors of activity.
Combination of offsite and onsite monitoring.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review list of physical alarms in place.
Review camera diagram and assess sufficiency.
Observe monitoring.
Test alarms.
Interview guards to understand monitoring processes and to ensure that guards understand how to handle various alarms.
CSP Implementation Tips:
AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited
Page updated
Report abuse