19 - Security measures to restrict physical access to sensitive areas should be implemented
Purpose:
Protect data that isn’t virtual/access to sensitive systems
Best Practices:
Develop and frequently update a set of physical security policies
Examples:
Locking file cabinets with sensitive data, putting keycard scanners at the entrances to sensitive areas
20 - Comprehensive physical security policies should be developed to guide personnel and equipment protection
Purpose:
Develop a record of how to adhere to physical security guidelines and educate employees
Best Practices:
Train employees on physical security policies as they are modified
Examples:
Designating storage/use policy for employee key cards, secure storage policies for keys