SecFrame Explorer
3/3
// Level 3 · Controls

Datacenter Security

DCS domain controls.

DCS-01Medium

Off-Site Equipment Disposal Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises.

DCS-02High

Off-Site Transfer Authorization Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software or data to an offsite or alternate location.

DCS-03Medium

Secure Area Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment.

DCS-04Medium

Secure Media Transportation Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media.

DCS-05Medium

Assets Classification

Classify and document the physical, and logical assets based on the organizational business risk.

DCS-06Medium

Assets Cataloguing and Tracking

Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system.

DCS-07High

Controlled Access Points

Implement physical security perimeters to safeguard personnel, data, and information systems.

DCS-08Medium

Equipment Identification

Use equipment identification as a method for connection authentication.

DCS-09High

Secure Area Authorization

Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored.

DCS-10Medium

Surveillance System

Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points.

DCS-11High

Unauthorized Access Response Training

Train datacenter personnel to respond to unauthorized ingress or egress attempts.

DCS-12Medium

Cabling Security

Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables.

DCS-13Medium

Environmental Systems

Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness.

DCS-14Medium

Secure Utilities

Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals.

DCS-15Medium

Equipment Location

Keep business-critical equipment away from locations subject to high probability for environmental risk events.