Red Hat Virtualization Manager - Physical and Environmental Protection

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
PE-1 Physical And Environmental Protection Policy And Procedures

not applicable

PE-2 Physical Access Authorizations

not applicable

PE-2 (1) Access By Position / Role
PE-2 (2) Two Forms Of Identification
PE-2 (3) Restrict Unescorted Access
PE-3 Physical Access Control

not applicable

PE-3 (1) Information System Access

planned

PE-3 (2) Facility / Information System Boundaries
PE-3 (3) Continuous Guards / Alarms / Monitoring
PE-3 (4) Lockable Casings
PE-3 (5) Tamper Protection
PE-3 (6) Facility Penetration Testing
PE-4 Access Control For Transmission Medium

not applicable

PE-5 Access Control For Output Devices

not applicable

PE-5 (1) Access To Output By Authorized Individuals
PE-5 (2) Access To Output By Individual Identity
PE-5 (3) Marking Output Devices
PE-6 Monitoring Physical Access

not applicable

PE-6 (1) Intrusion Alarms / Surveillance Equipment

not applicable

PE-6 (2) Automated Intrusion Recognition / Responses
PE-6 (3) Video Surveillance
PE-6 (4) Monitoring Physical Access To Information Systems

not applicable

PE-7 Visitor Control
PE-8 Visitor Access Records

not applicable

PE-8 (1) Automated Records Maintenance / Review

not applicable

PE-8 (2) Physical Access Records
PE-9 Power Equipment And Cabling

not applicable

PE-9 (1) Redundant Cabling
PE-9 (2) Automatic Voltage Controls
PE-10 Emergency Shutoff

not applicable

PE-10 (1) Accidental / Unauthorized Activation
PE-11 Emergency Power

not applicable

PE-11 (1) Long-Term Alternate Power Supply - Minimal Operational Capability

not applicable

PE-11 (2) Long-Term Alternate Power Supply - Self-Contained
PE-12 Emergency Lighting

not applicable

PE-12 (1) Essential Missions / Business Functions
PE-13 Fire Protection

not applicable

PE-13 (1) Detection Devices / Systems

not applicable

PE-13 (2) Suppression Devices / Systems

not applicable

PE-13 (3) Automatic Fire Suppression

not applicable

PE-13 (4) Inspections
PE-14 Temperature And Humidity Controls

not applicable

PE-14 (1) Automatic Controls
PE-14 (2) Monitoring With Alarms / Notifications

not applicable

PE-15 Water Damage Protection

not applicable

PE-15 (1) Automation Support

not applicable

PE-16 Delivery And Removal

not applicable

PE-17 Alternate Work Site

not applicable

PE-18 Location Of Information System Components

not applicable

PE-18 (1) Facility Site
PE-19 Information Leakage
PE-19 (1) National Emissions / Tempest Policies And Procedures
PE-20 Asset Monitoring And Tracking



PE-1: Physical And Environmental Protection Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A physical and environmental protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls; and b. Reviews and updates the current: 1. Physical and environmental protection policy [Assignment: organization-defined frequency]; and 2. Physical and environmental protection procedures [Assignment: organization-defined frequency].

PE-1 Control Response Information
Implementation Status:

not applicable

PE-1: What is the solution and how is it implemented?



PE-2: Physical Access Authorizations

The organization: a. Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides; b. Issues authorization credentials for facility access; c. Reviews the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and d. Removes individuals from the facility access list when access is no longer required.

PE-2 Control Response Information
Implementation Status:

not applicable

PE-2: What is the solution and how is it implemented?



PE-2 (1): Access By Position / Role

“The organization authorizes physical access to the facility where the information system resides based on position or role.”

PE-2 (1) Control Response Information
Implementation Status: