Tue Mar 10 20:41:42 PDT 2015

Zones: Physical separation: How are zones and subzones physically separated and controlled?


Option A: The design basis threat.
Option B:The operating environment.
Option C: Duties to protect.
Option D: Revisit design basis threat as it changes over time.
Option E: Follow applicable elements of applicable standards and requirements.
Option F: Due diligence requirements.

Option Q: Use proper signage to warn against inappropriate actions.
Option R: Provide periodic (at rate) training and suitable education relating to physical security requirements.
Option S: Provide obvious presence of (or don't seek to conceal) some security measures and response forces.

Option 1: Physically separate {zones / subzones / components} by adequate {distance / shielding / insulation / isolation}.
Option 2: Use different {colors / markings / connector types / media types / cable runs / wire closets / physical spaces / frequency ranges / signaling methods / routing and switching hardware} for different {zones / subzones}.
Option 3: {Associate / label / mark} unique {serial numbers and/or device codes} to each physical item and map them to their respective {zone / subzone / location / connection point}.
Option 4: Map each connector to a specific receptacle and number and label them as a readily apparent matched set.
Option 5: Limit interfaces so that none are unused.
Option 6: Physically secure, label, and seal each connection.
Option 7: Use only point to point (dedicated end-to-end) connections.
Option 8: Use active countermeasures to identified weaknesses.

Detect, react, and adapt:
Option V: Place physical {tamper / access / presence} {alarms / detectors} on {devices / connections / cables / spaces / entries and exits}.
Option W: Surveil physical {access / presence / emanations} to/from {devices / connections / cables / spaces / entries and exits}.
Option X: Perform regular physical inspections for detection and verification of implementation of protective measures with frequency based on the design basis threat.
Option Y: Implement response regimens and actions to event sequences per a systems analysis based on the design-basis threat.
Option Z: Follow incidents up with investigative and adaptation processes to identify and mitigate root causes of incidents and improve performance.


Basis: Deter: Prevent: Detect, react, and adapt:
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved