IT Security Standard: Computing Devices - Physical Placement

Required

All Devices

  • All computing devices and storage media must be located in a space such that when unattended, one of the following controls are in place
    • the device and/or media is protected by entry controls to ensure that only authorized personnel are allowed access to the space containing the device and/or media,
    • the device and/or media is secured in a controlled container,
    • the device and/or media is physically secured to permanent furniture or structures within the space.

Single-user Devices Storing Level 1 Data

  • Single-user devices storing Level 1 data must be attended or secured with controls to ensure that only authorized personnel are allowed access to the device. 
  • Single-user devices storing Level 1 data located outside of spaces restricted to authorized personnel (e.g. traveling with a laptop) must encrypt the data following the encryption device requirements of this standard.

High Risk Enterprise Computing Devices

  • High Risk enterprise computing devices must be housed in a space with following characteristics:
    • Protected by entry controls to ensure that only authorized personnel are allowed access
    • Access to the space is logged independently from the person accessing the facility (e.g. automated logging technology, receptionist, etc.) and access logs are retained for six months.
    • Protected with an appropriate fire notification system and firefighting equipment
    • Cooling that ensures temperatures remain within equipment specifications
    • Uninterruptible power to ensure availability expectations for the device.
    • Communications cabling meets CSU TIP and ITRP Standards

All Devices

  • Only store Level 1 data on High Risk Enterprise Computing Devices.  The potential for Level 1 data to be compromised can be substantially reduced by only storing Level 1 data on High Risk Enterprise Computing Devices.

Enterprise Computing Devices

  • Protected by entry controls to ensure that only authorized personnel are allowed access
  • Protected with appropriate fire fighting equipment (e.g. fire extinguisher)
  • Cooling that ensures temperatures remain within equipment specifications
  • Uninterruptible power sufficient to allow operation in the event of a small power outage to prevent hardware damage or data corruption

 


Continue to System Configuration and Maintenance | Return to Table of Contents

 

 

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips