Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-14-1

Cybersecurity requirements for physical protection of information and technology assets must be defined, documented and approved.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-14-2

The cybersecurity requirements for physical protection of information and technology assets must be implemented.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-14-3

  1. The cybersecurity requirements for physical protection of information and technology assets must include at least the following:
    1. Authorized access to sensitive areas within the organization (e.g., data center, disaster recovery center, sensitive information processing facilities, security surveillance center, network cabinets).
    2. Facility entry/exit records and CCTV monitoring.
    3. Protection of facility entry/exit and surveillance records.
    4. Secure destruction and re-use of physical assets that hold classified information (including documents and storage media).
    5. Security of devices and equipment inside and outside the organization’s facilities.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-14-4

The cybersecurity requirements for physical protection of information and technology assets must be reviewed periodically.
View Requirement