💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk

• Contextual name: 💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk
• ID: /frameworks/nist-csf-v2.0/pr-aa/06
• Located in: 💼 Identity Management, Authentication, and Access Control (PR.AA)

Description

1. Use security guards, security cameras, locked entrances, alarm systems, and other physical controls to monitor facilities and restrict access
2. Employ additional physical security controls for areas that contain high-risk assets
3. Escort guests, vendors, and other third parties within areas that contain business-critical assets

Similar

• Sections
  • /frameworks/nist-csf-v1.1/pr-ac/02
  • /frameworks/nist-csf-v1.1/pr-pt/04
  • /frameworks/nist-sp-800-53-r5/pe/02
  • /frameworks/nist-sp-800-53-r5/pe/03
  • /frameworks/nist-sp-800-53-r5/pe/04
  • /frameworks/nist-sp-800-53-r5/pe/05
  • /frameworks/nist-sp-800-53-r5/pe/06
  • /frameworks/nist-sp-800-53-r5/pe/08
  • /frameworks/nist-sp-800-53-r5/pe/18
  • /frameworks/nist-sp-800-53-r5/pe/19
  • /frameworks/nist-sp-800-53-r5/pe/20

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 PR.AC-2: Physical access to assets is managed and protected
💼 NIST CSF v1.1 → 💼 PR.PT-4: Communications and control networks are protected		7	13
💼 NIST SP 800-53 Revision 5 → 💼 PE-2 Physical Access Authorizations	3
💼 NIST SP 800-53 Revision 5 → 💼 PE-3 Physical Access Control	8
💼 NIST SP 800-53 Revision 5 → 💼 PE-4 Access Control for Transmission
💼 NIST SP 800-53 Revision 5 → 💼 PE-5 Access Control for Output Devices	3
💼 NIST SP 800-53 Revision 5 → 💼 PE-6 Monitoring Physical Access	4
💼 NIST SP 800-53 Revision 5 → 💼 PE-8 Visitor Access Records	3
💼 NIST SP 800-53 Revision 5 → 💼 PE-18 Location of System Components	1
💼 NIST SP 800-53 Revision 5 → 💼 PE-19 Information Leakage	1
💼 NIST SP 800-53 Revision 5 → 💼 PE-20 Asset Monitoring and Tracking

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (13)

Policy	Logic Count	Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 Azure App Service FTP deployments are not disabled 🟢	1	🟢 x6
📝 Azure App Service HTTPS Only configuration is not enabled 🟢	1	🟢 x6
📝 Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Storage Account Secure Transfer Required is not enabled 🟢	1	🟢 x6