The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Regulation Supplement (DFARS) standards. The tenth of the 14 Families of Requirements for NIST 800-171 compliance is physical protection.
What is Physical Protection in Terms of NIST 800-171?
The Physical Protection family of requirements addresses security of the physical facility and access to IT environments, as well as requirements surrounding site visitors and the security of off-site worksites. Physical access is limited to authorized users; visitors must be escorted and physical access logs maintained. Physical access devices and alternate work sites must be secured. A physical security plan and a business continuity plan outlining the use of alternate work sites are required. Physical security consists of 2 Basic Security requirements and 4 Derived Security requirements.
Basic Security Requirements
- 3.10.1 Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.
- 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems.
Derived Security Requirements
- 3.10.3 Escort visitors and monitor visitor activity.
- 3.10.4 Maintain audit logs of physical access.
- 3.10.5 Control and manage physical access devices.
- 3.10.6 Enforce safeguarding measures for CUI at alternate work sites.
For information on enterprise and user security when teleworking, see SP 800-46 and SP 800-114. To learn more about NIST SP 800-171 compliance, please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide: SP 800-171A, Assessing Security Requirements for CUI.
NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs.