ГОСТ Р № ИСО/МЭК 27001-2021 от 01.01.2022

PR.IP-5: Соблюдаются политика и положения физической безопасности для организационных активов 

PR.AC-2: Управляется и защищен физический доступ к активам 

ID.BE-4: Установлены зависимости и критические функции для предоставления критически важных услуг 

/STANDARD
Physical security mechanisms must be a key part of information systems security and be up to date to ensure that they cannot be bypassed easily by a hacker. It is, therefore, advisable to identify the suitable physical security measures and to raise users’ awareness continuously of the risks caused by bypassing these rules. 

Access to server rooms and technical areas must be controlled with the assistance of locks or access control mechanisms such as badges. The unaccompanied access of external service providers to sever rooms and technical areas must be prohibited, except if it is possible to strictly monitor the access and limit it to given time intervals. A regular review of the access rights must be carried out, in order to identify any unauthorised access. 

When an employee leaves or there is a change of service provider, the access rights must be withdrawn or the access codes changed. 

Finally, the network sockets in areas open to the public (meeting room, reception hall, corridors, etc.) must be restricted or deactivated in order to stop a hacker easily gaining access to the company’s network. 

А.7.12 Безопасность кабельной сети
Должны быть защищены от перехвата, помех или повреждения кабели, передающие данные или поддерживающие информационные сервисы, в том числе и подающие электропитание. 

А.7.12 Cabling security
Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.