Article 45 – Information Security
49020.8 Physical Access Control to Information Assets and Environmental Safety
-
The sensitivity of CDCRCalifornia Department of Corrections and Rehabilitation’s information assets and personnel safety requires that all CDCRCalifornia Department of Corrections and Rehabilitation computer facilities have physical controls to prevent unauthorized access.
-
All information resource facilities must be physically protected in proportion to the criticality or importance of their function. Physical access procedures must be documented, and access to such facilities must be controlled. Access lists must be reviewed at least quarterly or more frequently depending on the nature of the systems that are being protected.
-
Each owner and custodian of departmental information systems shall establish physical controls over their information assets. This requirement applies to workstations with confidential or sensitive information and includes network and data communications components, as well as, application and database servers.