Oregon Administrative Rules
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 5 - NETWORK INFORMATION SYSTEM ACCESS AND SECURITY
Section 291-005-0075 - Physical Security Guidelines

Universal Citation: OR Admin Rules 291-005-0075

Current through Register Vol. 63, No. 9, September 1, 2024

(1) Computer equipment shall be protected from unnecessary risk of access, damage, or theft.

(2) Facility access must be controlled using physical access control devices such as keys, locks, combinations, radio-frequency identification (RFID) card readers, etc.

(a) All facilities must have at least one physical security control protecting it from unauthorized access, damage, or interference;

(b) Facilities that process or store information classified at Level 3 (Restricted) or higher must employ multiple layers of physical security controls; and

(c) For areas used to process or store information classified at Level 3 (Restricted) or higher, access logs for controlled entry points must be maintained.

(3) An annual evaluation of physical security for information systems used by staff shall be conducted by the Department of Corrections ISO or their designee. The findings of this evaluation shall be used to enhance the physical security of the agency systems as needed.

(4) Physical security guidelines for information systems shall be developed by ITS and reviewed and approved by the Department of Corrections ISO.

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075

Disclaimer: These regulations may not be the most recent version. Oregon may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.