Sec. 10.10.11.21. BAR Information Security — Physical Safeguards  


  • A trusted partner shall establish physical safeguards to guard BAR information integrity, confidentiality, and availability, which include:

    A. Physical protection of the personal computer system used for viewing BAR information and related buildings and equipment from:

    (1) Fire;

    (2) Natural and environmental hazards;

    (3) Disasters; and

    (4) Intrusion;

    B. A secure work station location with physical safeguards to eliminate or minimize the possibility of unauthorized access to BAR information, including:

    (1) Locating a personal computer used to access and view BAR information in a locked room;

    (2) Restricting access to the locked room to authorized personnel by using:

    (a) Electronic keypads;

    (b) Electronic access badges; or

    (c) Door locks;

    (3) Placing the computer monitor in a way that screen contents are not viewable by an unauthorized person;

    (4) Locking file cabinets, desks, and desk drawers that contain BAR information:

    (a) During nonworking hours; and

    (b) When the BAR information custodian is not present in the immediate area; and

    (5) Making BAR information nonviewable or unobtainable before admitting an unauthorized person into the workspace;

    C. BAR information media control procedures that govern the receipt, removal, and disposal of BAR information CD-R discs or thumb drives into or out of the facility, which include:

    (1) Access control so that only the BAR information custodian can receive the BAR information media;

    (2) Accountability procedures that trace the receipt, removal, and disposal of BAR information media;

    (3) BAR information storage; and

    (4) Tracking the disposal process and the final disposition of:

    (a) Electronic BAR information; and

    (b) BAR information hardware on which electronic BAR information is stored;

    D. Emergency mode operation access controls that enable continuing protection to BAR information in the event of:

    (1) Fire;

    (2) Vandalism;

    (3) Natural disaster; or

    (4) BAR information computer information system failure;

    E. A facility security plan to safeguard BAR information on the premises from unauthorized physical access, tampering, and theft;

    F. Verifying access authorizations before granting physical access;

    G. Maintaining documentation of repairs and modifications to the physical components of the facility including:

    (1) Hardware;

    (2) Walls;

    (3) Doors; and

    (4) Locks; and

    H. Procedures governing the reception and hosting of visitors, including:

    (1) Sign-in logs for visitors; and

    (2) Providing escorts for visitors, if appropriate.