Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

pe-18

location of information system components

assessment objective:

Determine if the organization:  

pe-18[1]  

defines physical hazards that could result in potential damage to information system components within the facility;

pe-18[2]  

defines environmental hazards that could result in potential damage to information system components within the facility;

pe-18[3]  

positions information system components within the facility to minimize potential damage from organization-defined physical and environmental hazards; and

pe-18[4]

positions information system components within the facility to minimize the opportunity for unauthorized access.

potential assessment methods and objects:

Examine: [select from: Physical and environmental protection policy; procedures addressing positioning of information system components; documentation providing the location and position of information system components within the facility; locations housing information system components within the facility; list of physical and environmental hazards with potential to damage information system components within the facility; other relevant documents or records].

Interview: [select from: Organizational personnel with responsibilities for positioning information system components; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for positioning information system components].