Compliance requirements can be complex—every company’s scope and responsibilities are unique.
This guide is here to help you confidently navigate the tests available on our platform, ensuring they align with your organization’s specific compliance needs. Whether you're acknowledging policies as an end user or building and implementing them as an admin, we’ll provide the guidance and answers you need to streamline the process and stay on track.
Below are some real-world questions and answers from our customers, with specific guidance on some of our tests.
Frequently Asked Questions (FAQ)
I just ran across a new test called "File integrity monitoring". We are not a medical office/facility and we monitor system activity and have data encryption which is proven in other tests. Is this still relevant for us?
- In your case, this test can be disabled as long as the Encryption at rest/in transit and Monitoring for cloud/web tests are passing.
I see there is a large set of "Physical Security Tests" in Secureframe, which previously pointed to a Policy, but are now upload tests. Why the change?
- Yes, that is correct. We recently changed these tests from Policy to Upload (see the full list of changed tests below).
- Based on auditor feedback and continuous quality improvements to our frameworks, auditors ultimately want to verify not only a physical security policy, but also the corresponding evidence for each of the physical security tests.
- Important note: For any of these new physical security tests, if there is no physical environment in scope, we would recommend marking these tests as not applicable, stating that AWS or the CSP is responsible for physical security controls.
test_key | test_title
PHYS-6 | Visitor logs
PHYS-7 | Visitor escorts within restricted areas
PHYS-9 | Visitor authentication
PHYS-8 | Visitor badges
PHYS-1-2 | Badge access is provisioned to approved personnel
PHYS-2-2 | Physical access revocation
PHYS-1-1 | Physical badge access
PHYS-17 | Physical component maintenance
PHYS-3-2 | Physical access reviews
PHYS-10 | Power supply protection
PHYS-12 | Facility temperature control
PHYS-4 | Physical hardening of restricted areas
PHYS-16 | Emergency lighting
PHYS-13 | Physical hardening of entry points
PHYS-14 | Power and telecommunication lines are protected
PHYS-5 | Physical intrusion detection systems
PHYS-11 | Fire suppression and detection