A.11.1.3: Securing Offices, Rooms, and Facilities
Ensure that offices, rooms, and facilities are physically secure.
A.11.1.1: Physical Security Perimeter
Establish physical security perimeters to protect areas that contain information and information processing facilities.
A.10.1.1: Policy on the Use of Cryptographic Controls
Develop and implement a policy on the use of cryptographic controls.
A.9.4.4: Use of Privileged Utility Programs
Restrict and control the use of privileged utility programs.
A.9.4.3: Password Management System
Ensure that the password management system is interactive and ensures quality passwords.
A.9.4.2: Secure Log-on Procedures
Ensure that access to systems and applications is controlled by a secure log-on procedure.
A.9.4.1: Information Access Restriction
Restrict access to information and application system functions in accordance with the access control policy.
A.9.3.1: Use of Secret Authentication Information
Require users to follow the organization’s practices for the use of secret authentication information.
A.9.2.6: Removal or Adjustment of Access Rights
Ensure that access rights of all employees, contractors, and third-party users to information and information processing facilities are removed upon termination of their employment, contract, or agreement.