Or. Admin. Code § 291-005-0075
Current through Register Vol. 64, No. 1, January 1, 2025
Section 291-005-0075 - Physical Security Guidelines(1) Computer equipment shall be protected from unnecessary risk of access, damage, or theft.(2) Facility access must be controlled using physical access control devices such as keys, locks, combinations, radio-frequency identification (RFID) card readers, etc. (a) All facilities must have at least one physical security control protecting it from unauthorized access, damage, or interference;(b) Facilities that process or store information classified at Level 3 (Restricted) or higher must employ multiple layers of physical security controls; and(c) For areas used to process or store information classified at Level 3 (Restricted) or higher, access logs for controlled entry points must be maintained.(3) An annual evaluation of physical security for information systems used by staff shall be conducted by the Department of Corrections ISO or their designee. The findings of this evaluation shall be used to enhance the physical security of the agency systems as needed.(4) Physical security guidelines for information systems shall be developed by ITS and reviewed and approved by the Department of Corrections ISO.Or. Admin. Code § 291-005-0075
CD-24-1992, f. 11-24-92, cert. ef. 12-1-92; CD 10-1997, f. & cert. ef. 6-20-97; DOC 16-1999, f. 9-24-99, cert. ef. 10-1-99; DOC 5-2024, amend filed 04/29/2024, effective 4/29/2024Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075
Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075