NIST CSF: PR.AC-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Physical access to assets is managed and protected

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
PE-8: Visitor Access Records
PE-5: Access Control for Output Devices
PE-3: Physical Access Control
PE-6: Monitoring Physical Access
PE-4: Access Control for Transmission
PE-2: Physical Access Authorizations

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Securing offices, rooms, and facilities (11.1.3)
ISO 27001:2013
Secure disposal or re-use of equipment (11.2.7)
ISO 27001:2013
Removal of assets (11.2.5)
ISO 27001:2013
Working in secure areas (11.1.5)
ISO 27001:2013
Equipment siting and protection (11.2.1)
ISO 27001:2013
Protecting against external and environmental threats (11.1.4)
ISO 27001:2013
Physical entry controls (11.1.2)
ISO 27001:2013
Physical security perimeter (11.1.1)
ISO 27001:2013
Cabling security (11.2.3)
ISO 27001:2013
Security of equipment and assets off-premises (11.2.6)
ISO 27001:2013
Delivery and loading areas (11.1.6)
ISO 27001:2013
Unattended user equipment (11.2.8)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Establish procedures for monitoring and alarming (4.3.3.3.8)
ISA/IEC 62443-2-1:2009
Establish physical security perimeters (4.3.3.3.2)
ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID	Name	Description
A3.a	Asset Management	Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling).
B3.c	Stored Data	You have protected stored data important to the operation of the essential function.
B5.b	Design for Resilience	You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.

NIST CSF: PR.AC-2 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Securing offices, rooms, and facilities (11.1.3)

Secure disposal or re-use of equipment (11.2.7)

Removal of assets (11.2.5)

Working in secure areas (11.1.5)

Equipment siting and protection (11.2.1)

Protecting against external and environmental threats (11.1.4)

Physical entry controls (11.1.2)

Physical security perimeter (11.1.1)

Cabling security (11.2.3)

Security of equipment and assets off-premises (11.2.6)

Delivery and loading areas (11.1.6)

Unattended user equipment (11.2.8)

Related ISA/IEC 62443 Controls

Establish procedures for monitoring and alarming (4.3.3.3.8)

Establish physical security perimeters (4.3.3.3.2)

CSF Mapped to the NCSC CAF