Highlights of IS.013 Physical and Environmental Security Standard
Massachusetts Executive Office of Technology Services and Security IS.013 Physical and Environmental Security Standard establishes requirements to ensure that the Commonwealth’s information assets are protected by physical and environmental controls that prevent tampering, damage, theft or unauthorized physical access.
This standard defines the following controls and acceptable practices:
- Definition of physical security perimeters and required controls
- Personnel and visitor access controls
- Requirements for environmental protection equipment
- Protection of equipment stored off-site from the Commonwealth’s facilities
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards which must be included in a department’s Internal Control Plan, implemented, tested, and included in staff training. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive Departments who have not adopted comparable cyber and data security standards as part of their Internal Control Plan.