Physical Protection Requirements
A physical protection requirement is any security
requirement that specifies a required amount of the security
quality subfactor physical protection.
The typical objectives of a physical protection requirement
are to:
- Ensure that an application or center is protected
against the physical damage, destruction, theft, or
replacement of hardware, software, or personnel components
due to vandalism, sabotage, or terrorism.
The following are typical examples of physical protection
requirements:
- “The data center shall protect its hardware
components from physical damage, destruction, theft, or
surreptitious replacement.”
- “The data center shall protect its personnel from
death, injury, and kidnapping.”
The following guidelines have been found to be useful when
producing physical protection requirements:
- The scope of a physical protection requirement can be:
- Avoid confusing survivability requirements with physical
protection requirements. Survivability requirements specify
continued functioning after an attack, whereas
physical protection requirements specify the
protection of components. Physical protection
requirements are often prerequisites for survivability
requirements.
- Physical protection requirements should
not be confused with (nor specified in terms
of) the types of security architecture mechanisms that are
typically used to implement them:
- Locked Doors.
- Security Guards.
- Rapid Access to Police.