Upload Test Guidance

Compliance requirements can be complex—every company’s scope and responsibilities are unique.

This guide is here to help you confidently navigate the tests available on our platform, ensuring they align with your organization’s specific compliance needs. Whether you're acknowledging policies as an end user or building and implementing them as an admin, we’ll provide the guidance and answers you need to streamline the process and stay on track.

Below are some real-world questions and answers from our customers, with specific guidance on some of our tests.

Frequently Asked Questions (FAQ)

I just ran across a new test called "File integrity monitoring". We are not a medical office/facility and we monitor system activity and have data encryption which is proven in other tests. Is this still relevant for us?

  • In your case, this test can be disabled as long as the Encryption at rest/in transit and Monitoring for cloud/web tests are passing. 

I see there are a large set of "Physical Security Tests" in Secureframe, which previously pointed to a Policy, but are now upload tests. Why the change?

  • Yes, that is correct: we recently changed these tests from Policy to Upload (see the full list of changed tests below).
  • Based on auditor feedback and continuous quality improvements to our frameworks, auditors ultimately want to verify not only a physical security policy but also the corresponding evidence for each of the physical security tests.
  • Important note: For any of these new physical security tests, if there is no physical environment in scope, we recommend marking the test as not applicable and stating that AWS or the CSP is responsible for physical security controls.

test_key    test_title
PHYS-6      Visitor logs
PHYS-7      Visitor escorts within restricted areas
PHYS-9      Visitor authentication
PHYS-8      Visitor badges
PHYS-1-2    Badge access is provisioned to approved personnel
PHYS-2-2    Physical access revocation
PHYS-1-1    Physical badge access
PHYS-17     Physical component maintenance
PHYS-3-2    Physical access reviews
PHYS-10     Power supply protection
PHYS-12     Facility temperature control
PHYS-4      Physical hardening of restricted areas
PHYS-16     Emergency lighting
PHYS-13     Physical hardening of entry points
PHYS-14     Power and telecommunication lines are protected
PHYS-5      Physical intrusion detection systems
PHYS-11     Fire suppression and detection
