Device Class 2: Access Control For Output Devices

Control ID: PE-5 Access Control For Output Devices Family: Physical and Environmental Protection Source: NIST 800-53r4
Control: The organization: The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.
Supplemental Guidance:
Controlling physical access to output devices includes, for example, placing output devices in locked rooms or other secured areas and allowing access to authorized individuals only, and placing output devices in locations that can be monitored by organizational personnel. Monitors, printers, copiers, scanners, facsimile machines, and audio devices are examples of information system output devices. In the case of C-ITS, this control applies to device design and related information developed during the development phase of a device's life cycle.

Related Controls: PE-2, PE-3, PE-4, PE-18
Control Enhancements: N/A
References: N/A
Mechanisms:

  • Any network connected output device shall have appropriate physical access control restricting unauthorized use or tampering with the device. These devices are often easy targets for intruders to gain network access to the corporate infrastructure. This is sometimes challenging with networked meeting rooms and presentation podiums.
  • An additional control would be to place all semi-public devices on a separate sub-network and restrict their network capabilities.

Protocol Implementation Conformance Statements: N/A