Mechanisms exist to force Internet-bound network traffic through a proxy device for URL content filtering and DNS filtering to limit a user's ability to connect to dangerous or prohibited Internet sites.
Mechanisms exist to route internal communications traffic to external networks through organization-approved proxy servers at managed interfaces.
Mechanisms exist to configure the proxy to make encrypted communications traffic visible to monitoring tools and mechanisms.
Automated mechanisms exist to route networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.
Mechanisms exist to facilitate the operation of physical and environmental protection controls.
Mechanisms exist to document a Site Security Plan (SitePlan) for each server and communications room to summarize the implemented security controls to protect physical access to technology assets, as well as applicable risks and threats.
Physical access control mechanisms exist to maintain a current list of personnel with authorized access to organizational facilities (except for those areas within the facility officially designated as publicly accessible).
Physical access control mechanisms exist to authorize physical access to facilities based on the position or role of the individual.
Mechanisms exist to enforce a "two-person rule" for physical access by requiring two authorized individuals with separate access cards, keys or PINs, to access highly-sensitive areas (e.g., safe, high-security cage, etc.).
Physical access control mechanisms exist to enforce physical access authorizations for all physical access points (including designated entry/exit points) to facilities (excluding those areas within the facility officially designated as publicly accessible).
Passcode