Does your organization regularly inspect physical access controls for signs of tampering?
Explanation
Regular inspection of physical access controls such as locks, latches, hinge pins, and alarm systems helps identify unauthorized access attempts or security breaches before they result in data or asset theft. These inspections should follow a documented schedule and include visual checks for scratches around keyholes, damaged hinges, disabled alarms, or other signs of manipulation.
Evidence could include a physical security inspection log that documents dates of inspections, findings, personnel who conducted the inspection, and any remediation actions taken. Photos of inspection activities or security incident reports related to detected tampering would also serve as supporting documentation.
Implementation Example
Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) for signs of tampering
ID: DE.CM-02.278
Context
- Function
  - DE: DETECT
- Category
  - DE.CM: Continuous Monitoring
- Sub-Category
  - The physical environment is monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?

