Skip to main content

πŸ’Ό PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk

Description​

  1. Use security guards, security cameras, locked entrances, alarm systems, and other physical controls to monitor facilities and restrict access
  2. Employ additional physical security controls for areas that contain high-risk assets
  3. Escort guests, vendors, and other third parties within areas that contain business-critical assets

Similar​

  • Sections
    • /frameworks/nist-csf-v1.1/pr-ac/02
    • /frameworks/nist-csf-v1.1/pr-pt/04
    • /frameworks/nist-sp-800-53-r5/pe/02
    • /frameworks/nist-sp-800-53-r5/pe/03
    • /frameworks/nist-sp-800-53-r5/pe/04
    • /frameworks/nist-sp-800-53-r5/pe/05
    • /frameworks/nist-sp-800-53-r5/pe/06
    • /frameworks/nist-sp-800-53-r5/pe/08
    • /frameworks/nist-sp-800-53-r5/pe/18
    • /frameworks/nist-sp-800-53-r5/pe/19
    • /frameworks/nist-sp-800-53-r5/pe/20

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-2: Physical access to assets is managed and protected
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.PT-4: Communications and control networks are protected719
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-2 Physical Access Authorizations3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-3 Physical Access Control8
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-4 Access Control for Transmission
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-5 Access Control for Output Devices3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-6 Monitoring Physical Access4
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-8 Visitor Access Records3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-18 Location of System Components1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-19 Information Leakage1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-20 Asset Monitoring and Tracking

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (19)​

PolicyLogic CountFlags
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ AWS S3 Bucket Policy is not set to deny HTTP requests 🟒1🟒 x6
πŸ“ Azure App Service FTP deployments are not disabled 🟒1🟒 x6
πŸ“ Azure App Service HTTPS Only configuration is not enabled 🟒1🟒 x6
πŸ“ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Secure Transfer Required is not enabled 🟒1🟒 x6
πŸ“ Google BigQuery Dataset is anonymously or publicly accessible 🟒1🟒 x6
πŸ“ Google Cloud SQL Instance External Authorized Networks do not whitelist all public IP addresses 🟒1🟒 x6
πŸ“ Google GCE Instance has a public IP address 🟒1🟒 x6
πŸ“ Google GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet 🟒1🟒 x6
πŸ“ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites 🟒🟒 x3
πŸ“ Google Storage Bucket is anonymously or publicly accessible 🟒1🟒 x6