::
Control/Practice:
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals
Objective(s):
Determine if:
[a] authorized individuals allowed physical access are identified;
[b] physical access to organizational systems is limited to authorized individuals;
[c] physical access to equipment is limited to authorized individuals; and
[d] physical access to operating environments is limited to authorized individuals.
Potential Assessment Considerations:
To-do Actions