
REQ.109 Monitor restricted areas

This document details the security requirements related to the definition and management of access control in the organization. This requirement establishes the importance of monitoring restricted areas in order to protect the information assets stored there.

Requirement

Restricted areas must have physical detection and access control mechanisms (cameras, security workforce, heat sensors, etc.).

References

  1. HIPAA Security Rules 164.308(a)(3)(ii)(A): Authorization and/or Supervision: Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.

  2. HIPAA Security Rules 164.310(a)(1): Facility Access Controls: Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.

  3. HIPAA Security Rules 164.310(a)(2)(ii): Facility Security Plan: Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.

  4. HIPAA Security Rules 164.310(c): Workstation Security: Implement physical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.

