Physical Security Checklist
Executive Summary
The university data centers provide for the reliable operation of SJSU's computing systems,
computing infrastructure, and communication systems. Per ICSUAM 8000, California SAM, and
local, State, and Federal law, this standard defines the requirements for security controls of
machines hosted in SJSU data centers to safeguard the confidentiality, integrity, and
availability of information stored, processed, and transmitted by SJSU.
Revision History
Date Action
4/25/2014 Draft sent to Mike
Table of Contents
Executive Summary
Introduction and Purpose
Scope
Standard
Storage of Unencrypted Level 1 Information is prohibited on servers
Physical and Environmental Security
Background Check of Employees
Electronic Lock Required
Networking Equipment Locked
Management Control of Access
Physical Need to Access
Removal of Permissions upon Employee separation
Audit of Key Cards
Master Keys
Moisture Detectors
Smoke Detectors
Environmental Reporting
Fire Suppression
Uninterruptible Power Supply (UPS)
Glass Windows
Power Generators
Earthquake Protection
Firewalls between data centers and core networks
Emergency Preparedness and Training
Test Data Center Emergency Procedures
IT Disaster Recovery Plan
Backup Tapes
Food, Drink, Hazardous Materials
Labels on Doors
Data Center Owner Training
Scope
This standard applies to all SJSU State, Self-Fund, and Auxiliary (campus) computer systems
and facilities, with a target audience of SJSU Information Technology employees and partners.
This standard applies to any machine storing unencrypted Level 1 data at rest, any machine
providing internet-facing services outside the campus border firewall (i.e. Web Servers), and
campus core network aggregation points.
Standard
Storage of Unencrypted Level 1 Information is prohibited on servers
For any machine on the campus, storing unencrypted Level 1 data at rest is prohibited unless an
exception has been approved by the Information Security Office. For information classification
and handling of Level 1 sensitive data, refer to the Information Classification and Handling
Standard.
Master Keys
Physical locks must not accept master keys.
Moisture Detectors
Moisture Detectors should be in use and placed in data centers, in accordance with the Physical
Security Standard.
Smoke Detectors
Smoke Detectors should be in use and placed in data centers, in accordance with the Physical
Security Standard.
Environmental Reporting
Environmental alerting, such as for temperature and moisture, is required for server rooms
storing Level 1 data.
Fire Suppression
A fire extinguisher or fire suppression system for electronic equipment must be located in each
Data Center. Data Centers must not be protected by water-based fire suppression systems.
Glass Windows
Glass windows to public areas allowing viewing of server rooms are prohibited.
Power Generators
Power generators capable of sustaining computer operations during a power outage are
required for servers storing Level 1 data.
Earthquake Protection
Full-height server racks that are more than three times as tall as they are wide must be
affixed to the structure on at least 2 faces to prevent damage in the event of a minor
earthquake.
Backup Tapes
Sensitive servers in the data center room must use backup tapes that are sent to an offsite
location, in accordance with the Data Retention Standard. Tapes containing Level 1 data must be
encrypted. Data center backup tapes must comply with CSU Executive Order 1031:
Records Retention & Disposition Schedules.
Labels on Doors
Door labels that identify a room as a data center or telecom closet are prohibited.