Security measures for working in secure areas should be designed and implemented.
Clear desk rules for papers and removable storage media and clear screen rules for information processing facilities should be defined and appropriately enforced.
Equipment should be sited securely and protected.
Off-site assets should be protected.
Storage media should be managed through their life cycle of acquisition, use, transportation and disposal in accordance with the organization’s classification scheme and handling requirements.
Information processing facilities should be protected from power failures and other disruptions caused by failures in supporting utilities.
Cables carrying power, data or supporting information services should be protected from interception, interference or damage.
Equipment should be maintained correctly to ensure availability, integrity and confidentiality of information.
Items of equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.
Information stored on, processed by or accessible via user endpoint devices should be protected.
Passcode