Physical access requirements are established and maintained (for example, rules for who is allowed to access an asset, how access is granted, limits of allowed access)
Context and Guidance: It is the asset owner’s responsibility to ensure that requirements for protecting and sustaining assets are defined for assets under the owner’s control, including requirements for controlling physical access. For example, physical access requirements for vendor visits to a data center might require issuance of a temporary badge, escorted access, and a staff member monitoring the visitor's activities.
Related Practices
• Input From: Implementing ARCHITECTURE-3a provides input that may be useful for implementing this practice.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-3a, ACCESS-3d, ACCESS-3e, ACCESS-3f, ACCESS-3g.