Physical Security Overview                                                                  

 

Physical security refers to the protection of building sites and equipment (and information and software contained therein) from theft, vandalism, natural and manmade disasters, and accidental damage. Managers must be concerned with IT building construction, room assignments, emergency action procedures, regulations that govern equipment placement and use, energy and water supplies, product handling—and relationships with employees, outside contractors, other courts, and state and federal agencies. Some solutions will require the installation of locks, fire extinguishers, surge protectors, window bars, automatic fire equipment, and alarm systems.[1]

 

Physical Security Standards

Minimum Security Option

                                               

1.      Physical security of all court computer equipment shall be maintained in a locked and low visibility location. 

 

2.      Personnel shall be trained to challenge unfamiliar individuals in the area housing computer hardware.

 

3.      Provide “surge protectors” for all computer equipment to prevent electricity spikes or drops from causing system downtime.

 

Optimum Security Option

 

 

1.      For those courts that have a network, all critical network computing equipment shall be located in a physically controlled environment, with access limited to personnel responsible for equipment administration and maintenance only.  The room must be equipped with heat, air conditioning, and smoke/heat/water alarms to assure proper environmental protection of computer network hardware.

 

2.      Secured rooms shall have the following features:

 

• Full-height walls and fireproof walls and ceilings.
• No more than two doors. Doors must be solid, fireproof, lockable, and observable by computing or other staffers.
• Few and relatively small windows, all of which shall have adequate locks.
• Good key control—locking doors and windows are an effective security strategy when appropriate authorities properly maintain keys (card-keys or hard keys or a combination of both types).

 

3.      Fire extinguishers will be kept near equipment and employees must be trained in their proper use. The placement and recharge of fire extinguishers shall be checked on an annual basis.

 

4.      An uninterruptible power supply (UPS) will be used to protect critical computing equipment in the event of power outage. Line filters shall be installed to control voltage spikes.

 

5.      If court personnel use laptop (PC) computers, then mechanisms such as laptop locks and alarms shall be used to reduce the risk of theft.  Employees will be instructed not to leave laptop computers unattended or unsecured while in the office or while traveling to other locations.

 

6.      Equipment will be labeled in an obvious, permanent, and easily identifiable way.  Up-to-date logs of all equipment, with serial numbers, will be maintained in a secure location.

 

7.      When personnel terminate employment with the court, all keys must be collected, access cards shall be returned and deactivated, and access codes will be changed.  All employee access codes shall also be changed on a regular periodic basis (at least annually).

 

 

 

 

 

Maximum Security Option

 

 

In addition to the Optimum Security Option standards, the following standards shall be configured for Maximum Security of physical hardware:

 

1.      Video surveillance cameras shall be placed throughout the premises, especially at computer room doors and within the computer room.

 

2.      Access to the computer room shall be restricted with a cipher-lock or a magnetic-card locking mechanism or an advanced system, such as biometrics, and all accesses to the room shall be captured and reviewed.