http://cyfun.data.gift/data/requirement_PR_AA_06_3

http://cyfun.data.gift/data/requirement_PR_AA_06_3
Concept

Properties and relations

Direct links from the subject.

Property Value

type

The subject is an instance of a class.

http://cyfun.data.gift/ontology#Requirement

type

The subject is an instance of a class.

Concept

An idea or notion; a unit of thought.

label

A human-readable name for the subject.

PR.AA-06.3: Critical zones shall have additional physical access controls beyond those applied to general facilities.

http://cyfun.data.gift/ontology#requirementId

PR.AA-06.3

http://cyfun.data.gift/ontology#foundIn

http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p102

has broader

Relates a concept to a concept that is more general in meaning.

http://cyfun.data.gift/data/subcategory_PR.AA-06

note

A general note, for any purpose.

The goal of this control is to reduce the risk of unauthorised physical access to areas essential for operational continuity, data integrity, and personnel and equipment safety by applying stricter access measures than those used in general facility areas. To achieve this goal, the following actions should be taken: - Critical zones should be identified during asset classification. These typically include: - Production and Operational Technology (OT) environments - Server rooms and data centres - Finance and Human Resources offices - Control rooms - Locations storing sensitive or classified information - The following enhanced physical access controls should be considered: - Dual-factor authentication (e.g. badge + biometrics) - Continuous surveillance (e.g. CCTV, motion sensors) - Access logging with regular review - On-site or patrolling security personnel - Alarm systems with real-time alerts - Visitor management procedures: - Pre-approval and escorting - Time-limited access - Visitor logs - Ensure consistency with broader physical access policies, including: - PR.AA-06.1 – Risk-based access control - PR.AA-06.2 – Emergency access procedures - PR.AA-06.4 – Physical protection of assets - Adapt controls to the criticalityofeach zone and integrate them into the overall physical securitystrategy.

note

A general note, for any purpose.

<div><p>The goal of this control is to reduce the risk of unauthorised physical access to areas essential for operational continuity, data integrity, and personnel and equipment safety by applying stricter access measures than those used in general facility areas. To achieve this goal, the following actions should be taken:</p><ul><li>Critical zones should be identified during asset classification. These typically include:<ul><li>Production and Operational Technology (OT) environments</li><li>Server rooms and data centres</li><li>Finance and Human Resources offices</li><li>Control rooms</li><li>Locations storing sensitive or classified information</li></ul></li><li>The following enhanced physical access controls should be considered:<ul><li>Dual-factor authentication (e.g. badge + biometrics)</li><li>Continuous surveillance (e.g. CCTV, motion sensors)</li><li>Access logging with regular review</li><li>On-site or patrolling security personnel</li><li>Alarm systems with real-time alerts</li><li>Visitor management procedures:<ul><li>Pre-approval and escorting</li><li>Time-limited access</li><li>Visitor logs</li></ul></li></ul></li><li>Ensure consistency with broader physical access policies, including:<ul><li>PR.AA-06.1 – Risk-based access control</li><li>PR.AA-06.2 – Emergency access procedures</li><li>PR.AA-06.4 – Physical protection of assets</li></ul></li><li>Adapt controls to the criticalityofeach zone and integrate them into the overall physical securitystrategy.</li></ul></div>

note

A general note, for any purpose.

The goal of this control is to reduce the risk of unauthorised physical access to areas essential for operational continuity, data integrity, and personnel and equipment safety by applying stricter access measures than those used in general facility areas. To achieve this goal, the following actions should be taken: • Critical zones should be identified during asset classification. These typically include: o Production and Operational Technology (OT) environments o Server rooms and data centres o Finance and Human Resources offices o Control rooms o Locations storing sensitive or classified information • The following enhanced physical access controls should be considered: o Dual-factor authentication (e.g. badge + biometrics) o Continuous surveillance (e.g. CCTV, motion sensors) o Access logging with regular review o On-site or patrolling security personnel o Alarm systems with real-time alerts o Visitor management procedures: - Pre-approval and escorting - Time-limited access - Visitor logs • Ensure consistency with broader physical access policies, including: o PR.AA-06.1 – Risk-based access control o PR.AA-06.2 – Emergency access procedures o PR.AA-06.4 – Physical protection of assets • Adapt controls to the criticalityofeach zone and integrate them into the overall physical securitystrategy.

note

A general note, for any purpose.

The goal of this control is to reduce the risk of unauthorised physical access to areas essential for operational continuity, data integrity, and personnel and equipment safety by applying stricter access measures than those used in general facility areas. To achieve this goal, the following actions should be taken: - Critical zones should be identified during asset classification. These typically include: - Production and Operational Technology (OT) environments - Server rooms and data centres - Finance and Human Resources offices - Control rooms - Locations storing sensitive or classified information - The following enhanced physical access controls should be considered: - Dual-factor authentication (e.g. badge + biometrics) - Continuous surveillance (e.g. CCTV, motion sensors) - Access logging with regular review - On-site or patrolling security personnel - Alarm systems with real-time alerts - Visitor management procedures: - Pre-approval and escorting - Time-limited access - Visitor logs - Ensure consistency with broader physical access policies, including: - PR.AA-06.1 – Risk-based access control - PR.AA-06.2 – Emergency access procedures - PR.AA-06.4 – Physical protection of assets - Adapt controls to the criticalityofeach zone and integrate them into the overall physical securitystrategy.

notation

A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme.

PR.AA-06.3

alternative label

skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties.

Critical zone additional access controls

preferred label

A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag.

Critical zones shall have additional physical access controls beyond those applied to general facilities.

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_ESSENTIAL

http://cyfun.data.gift/ontology#level

http://cyfun.data.gift/data/level_ESSENTIAL

triple count

The number of triples associated with the subject.

17

in dataset

Specifies the dataset the subject is part of.

http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109

Resultaten 1 - 19 of 19

References

Inverse links to the subject.

Property Subject

http://cyfun.data.gift/ontology#hasRequirement

http://cyfun.data.gift/data/subcategory_PR.AA-06

has narrower

Relates a concept to a concept that is more specific in meaning.

http://cyfun.data.gift/data/subcategory_PR.AA-06

Resultaten 1 - 1 of 1