PE-2: Physical Access Authorizations
NIST Baseline: Low
DIR Required By: 01/20/2023
Review Date: 07/24/2024
- Information resource owners with responsibility over Tarleton State University (Tarleton) information resource facilities and/or infrastructure equipment shall:
- Establish a policy identifying positions or roles with authorized access to the facility where the information resource resides;
- Develop, approve, and maintain, in a system of record as determined by the Tarleton Chief Information Security Officer (CISO), a list of individuals based on the identified positions or roles with authorized access to the facility where the information resource resides;
- Issue authorization credentials for facility access;
- Review the access list detailing authorized facility access by individuals periodically;
- Remove individuals from the facility access list when access is no longer required; and
- Restrict unescorted access to the facility where the information resource resides to personnel with a formal access authorization for all information contained within the facility.