Beruflich Dokumente
Kultur Dokumente
Commonwealth of Australia 2011 All material presented in this publication is provided under a Creative Commons Attribution 3.0 Australia http!""creativecommons.or#"licenses"b$"3.0"au"deed.en % licence. &or the avoidance of doubt' this means this licence onl$ applies to material as set out in this document. ()C*+,-.(C/+0- 1http!""www.bud#et.#ov.au"2010211"content"bp1"ima#e"bp13prelims2 2.#if1 45 6-07-&806A/()-/ /he details of the relevant licence conditions are available on the Creative Commons website accessible usin# the lin9s provided% as is the full le#al code for the CC :; 3.0 A+ licence http!""creativecommons.or#"licenses"b$"3.0"le#alcode %. Use of the Coat of Arms /he terms under which the Coat of Arms can be used are detailed on the (t<s an =onour http!""www.itsanhonour.#ov.au"coat2arms"inde>.cfm% website. Contact us (n?uiries re#ardin# the licence and an$ use of this document are welcome at! :usiness *aw :ranch Attorne$27eneral@s ,epartment 32A )ational Cct :A0/8) AC/ 2B00 /elephone! 02% B141 BBBB cop$ri#htCa#.#ov.au
,ocument details Decurit$ classification ,issemination limitin# mar9in# ,ate of securit$ classification review Authorit$ Author ,ocument status +nclassified .ublicl$ available Jul$ 2013 .rotective Decurit$ .olic$ Committee .rotective Decurit$ .olic$ Dection Attorne$27eneral@s ,epartment Approved 21 June 2011 Amended Deptember 2012
Australian 7overnment securit$ mana#ement staff...............................................................1 contractors to the Australian 7overnment providin# ph$sical securit$ advice and services' and............................................................................................................................................ 1 an$ other bod$ or person responsible for the securit$ of Australian 7overnment people' information or ph$sical assets...................................................................................................1 1.3 Dcope.............................................................................................................................. 1 within Australian 7overnment facilities .................................................................................1 facilities handlin# Australian 7overnment information and ph$sical assets' or .....................1 where Australian 7overnment emplo$ees are located..........................................................1 1.3.1 +se of specific terms in these #uidelines.....................................................................1 Eneed to@Frefers to a le#islative re?uirement that a#encies must meet................................1 Eare re?uired to@ or Eis re?uired to@Frefer to a control!...........................................................1 to which a#encies cannot #ive a polic$ e>ception' or............................................................1 used in other protective securit$ documents that set controls...............................................1 Eare to@ or Eis to@Fare directions re?uired to support compliance with the mandator$ re?uirements of the ph$sical securit$ core polic$' and..............................................................2 Eshould@Frefers to better practiceG a#encies are e>pected to appl$ better practice unless there is a reason based on their ris9 assessment to appl$ alternative controls.........................2 Background................................................................................................................................ 3 1.4 Hh$ the #uidelines were developed.................................................................................3 the business impact of information' people and ph$sical assets...........................................3 the level of control re?uired to!..............................................................................................3 meet the threat environment.................................................................................................3 #ive suitable protection to information' people and ph$sical assets......................................3 provide assurance to other a#encies for information sharin#' and........................................3 the t$pes of controls that are suitable...................................................................................3 aid in establishin# consistent terminolo#$ for ph$sical securit$ across the Australian 7overnment' and...................................................................................................................... 3 #ive a#encies a framewor9 for the assurance needed to share information and ph$sical assets....................................................................................................................................... 3 1.A 1.B 0elationship to other documents......................................................................................3 Dtructure of these #uidelines............................................................................................3
ii
the Decurit$ Iones methodolo#$ and re?uirements..............................................................3 details of individual control measures' and...........................................................................3 a chec9list for a#encies reviewin# ph$sical securit$ measures.............................................3 Risk mitigation and assurance measures................................................................................ reduce the residual ris9s to an acceptable level to the a#enc$' or where this is not possible' lower the li9elihood of compromise' loss of availabilit$' or loss of inte#rit$ as much as possible' then............................................................................................................................ 4 appl$ minimum controls determined b$ the business impact level of the compromise' loss of availabilit$ or loss of inte#rit$ of the information........................................................................4 1.J /he ris9 mana#ement process.........................................................................................4 the Australian Dtandard AD")ID (D8 31000!200K 0is9 6ana#ement L .rinciples and #uidelines' and ......................................................................................................................... 4 the Australian Dtandards =: 1BJ!200B Decurit$ ris9 mana#ement ......................................4 1.J.1 Additional re?uirements to meet specific threats.........................................................A A#enc$ pro#ramsFinherent ris9s in a#enc$ pro#rams.........................................................B .ublic 9nowled#e of facilit$ usesFran#in# from no public 9nowled#e to full public 9nowled#e of contentious pro#rams underta9en at the facilit$..................................................B *evel of nei#hbourhood crimeFran#in# from occasional minor crime to re#ular maMor or or#anised crime........................................................................................................................ B Client violenceFran#in# from occasional non2confrontational contact with clients to re#ular client contact which ma$ lead to violence.................................................................................B .ublic violenceFran#in# from little to no public contact to re#ular public protests that ma$ be violent.................................................................................................................................. B /errorismFwhich ma$ lead to violence a#ainst personnel or facilities' or covert access to sensitive information................................................................................................................. B Dhared facilitiesFran#in# from sin#le use facilities to co2tenancies with private hi#h ris9 tenants. Hor9 areas within an a#enc$ with diverse pro#rams ma$ also be considered as sharin# facilities%....................................................................................................................... B Attractiveness of information and ph$sical assetsFran#in# from little value to information and ph$sical assets that are attractive to #roups of securit$ concern' includin# forei#n intelli#ence services' issue motivated #roups' trusted insiders.................................................B 1.N Assurance re?uired for information and ph$sical asset sharin#.......................................B 1.N.1 Assurance for securit$ classified ph$sical assets........................................................J an$ re?uirements imposed b$ the asset owner' or................................................................J the a#enc$@s ris9 assessment and the conse?uences of the assets compromise loss or dama#e..................................................................................................................................... J 1.K Dite securit$ plans............................................................................................................ J measures that are scalable to meet increases in threat levels..............................................J the location and nature of the site.........................................................................................J whether the a#enc$ has sole or shared ownership or tenanc$ of the site.............................J
iii
whether the public or other non2a#enc$ personnel have a ri#ht of entr$ to the site...............J what securit$ classification of information is to be stored' handled' processed or otherwise used in each part of the site......................................................................................................N (C/ assets' includin#' but not limited to' data' software' hardware and portable e?uipment such as laptops' personal electronic devices............................................................................N (C/2related e?uipment for e>ample' file servers' wor9stations' terminals' main distribution frames and cablin#% and utilities................................................................................................N an$ other resources that will be on the site ..........................................................................N an indication of whether ever$ part of the site is intended to have the same level of securit$ ................................................................................................................................................. N what protective measures will be re?uired for!......................................................................N the site as a whole................................................................................................................ N particular areas within the site for e>ample' part of a floor which will hold information of a hi#her classification than the rest of the site%............................................................................N what differin# measures will be re?uired for!.........................................................................N stora#e' handlin# and processin# of securit$ classified information' and..............................N securit$ classified or otherwise sensitive discussions and meetin#s. ...................................N 1.K.1 Critical path................................................................................................................. N probabilit$ of detectionFthe cumulative probabilit$ of detectin# an adversar$......................N cumulative dela$Fthe combined minimum dela$ time alon# the adversar$ path..................K responseFthe time for a response to reach a point of detection' and..................................K interruptionFoccurs when the response time is less than the dela$ provided' measured from the first point of detection..................................................................................................K 1.K.2 Crime prevention throu#h environmental desi#n C./-,%..........................................K ,esi#nin# 8ut Crime! crime prevention throu#h environmental desi#n an earl$ publication from the Australian (nstitute of Criminolo#$ focusin# on household crimeG the concepts are transferable to or#anisations. ...................................................................................................K Crime .revention throu#h -nvironmental ,esi#n 7uidelines for Oueensland a Oueensland .olice publication released in 200J. .........................................................................................K Security !ones.......................................................................................................................... 1" unauthorised or covert access' and....................................................................................10 forcible attac9...................................................................................................................... 10 hi#hl$ resistant to covert attac9 to protect information' or ..................................................10 hi#hl$ resistant to forcible attac9 to protect assets..............................................................10 1.K.3 *a$erin# of Iones......................................................................................................13 low to medium business impact levelsFma$ onl$ need Ione 8ne or Ione /wo................13 up to and includin# hi#h to ver$ hi#h business impact levelsFma$ need Ione 8ne and Ione /wo................................................................................................................................ 13 up to and includin# e>treme business impact levelsFma$ need Iones 8ne to /hree' and13
iv
up to and includin# catastrophic business impact levelsFma$ need Iones 8ne to &ive....13 Dee the Australian 7overnment protective securit$ #overnance #uidelinesF:usiness impact levels........................................................................................................................... 13 1.K.4 Ione re?uirements....................................................................................................1A the compromise' loss of inte#rit$ or unavailabilit$ of information' and.................................1A the compromise' loss or dama#e of ph$sical assets...........................................................1A 1.K.A Accreditation of Iones...............................................................................................1K Indi#idual control elements.....................................................................................................$$ 1.10 +se of DC-C2approved products.................................................................................22 securit$ products that primaril$ focus on protectin# securit$ classified information of which the compromise' loss of inte#rit$ or unavailabilit$ would result in a business impact level of hi#h or above.......................................................................................................................... 22 products that prevent widespread loss of life' and..............................................................22 other securit$ products that re?uire specialist testin#..........................................................22 1.11 :uildin# construction....................................................................................................22 1.11.1 Construction of buildin#s.........................................................................................22 blast miti#ation measures...................................................................................................23 forcible attac9 and ballistic resistance.................................................................................23 road and public access paths..............................................................................................23 li#htin# in addition to securit$ li#htin#%...............................................................................23 hostile vehicle miti#ation' and.............................................................................................23 elements of crime prevention throu#h environmental desi#n C./-,%...............................23 AD 3AAA.1!2003 :uildin# elementsF/estin# and ratin# for intruder resistanceF(ntruder2 resistant panels. /his standard provides #uidance on ver$ hi#h #rade intruder resistance such as for hi#h securit$ vaults%..............................................................................................23 AD")ID 2343!1KKJ :ullet2resistant panels and elements...................................................23 AD(8 /echnical )ote L .h$sical Decurit$ of Decure Areas"D01 0ooms' and.....................23 Dupplement to the /echnical )ote L .h$sical Decurit$ of /8. D-C0-/ Areas ................23 1.12 Alarm s$stems.............................................................................................................24 uni?uel$ identifiable to an individual....................................................................................24 not recorded b$ the individual' and.....................................................................................24 re#ularl$ chan#ed in accordance with the a#enc$@s ris9 assessment..................................24 perimeter or e>ternal% intrusion detection s$stems .(,D% or alarms' and ........................24 internal securit$ alarm s$stems DAD%................................................................................24 1.12.1 ->ternal alarms.......................................................................................................2A 1.12.2 DC-C /$pe 1 DAD..................................................................................................2A DC-C2approved /$pe 1 DAD in all Iones &our and &ive....................................................2A
DC-C2endorsed securit$ Pone consultants to desi#n and commission DC-C /$pe 1 DAD in accordance with the re?uirements of the /$pe 1 DAD (mplementation and 8peration 7uide' and.......................................................................................................................................... 2A DC-C2approved detection devices with an$ DC-C /$pe 1 DAD.........................................2A 1.12.3 Commercial alarm s$stems.....................................................................................2A whether a commercial DAD is re?uired at their facilities' includin# an$ temporar$ sites' as part of their ris9 miti#ation strate#ies' and...............................................................................2A the specifications for an$ such s$stem................................................................................2A AD")ID 2201 Det!200N (ntruder alarm s$stems set!...........................................................2B AD")ID 2201.1!200J (ntruder alarm s$stemsFClient<s premisesF,esi#n' installation' commissionin# and maintenance............................................................................................2B AD 2201.2!2004 (ntruder alarm s$stemsF6onitorin# centres............................................2B AD 2201.3!1KK1 (ntruder alarm s$stemsF,etection devices for internal use.....................2B AD")ID 2201.A!200N (ntruder alarm s$stemsFAlarm transmission s$stems.....................2B 1.13 (ndividual alarm options...............................................................................................2B duress alarms..................................................................................................................... 2B individual item alarms' or alarm circuits' and......................................................................2B vehicle alarms..................................................................................................................... 2B 1.13.1 ,uress alarms......................................................................................................... 2B remotel$ monitored duress alarms' and..............................................................................2J alarms that produce loud noise on activation......................................................................2J enable emplo$ees to raise an alarm discreetl$' and...........................................................2J be au#mented b$ procedures that provide an appropriate response..................................2J all relevant staff are aware of and have re#ular trainin# and trials with the duress alarm ...2J the duress alarm is confi#ured as part of an intruder alarm s$stem that complies with AD")ID 2201 Det!200N' and ..................................................................................................2J the alarm panel is located within the protection Pones of the alarm s$stem in accordance with AD")ID 2201 Det!200N...................................................................................................2J 1.13.2 (ndividual item alarm"alarm circuit...........................................................................2J pressure switches...............................................................................................................2J motion sensors................................................................................................................... 2J CC/V activated alarms' and...............................................................................................2J radio fre?uenc$ identification 0&(,% ta# s$stems...............................................................2N 1.13.3 Vehicle alarm...........................................................................................................2N 1.14 Access control s$stems................................................................................................2N ps$cholo#ical or s$mbolic barriersFfor e>ample' Crime prevention throu#h environmental desi#n C./-,%...................................................................................................................... 2N securit$ staff ph$sicall$ located at entr$ and e>it points......................................................2N
vi
securit$ staff located at central points who monitor and control entr$ and e>it points usin# intercoms' videophones' closed circuit television cameras and similar devices......................2N mechanical loc9in# devices operated b$ 9e$s or codes' and..............................................2N electronic access control s$stems -ACD%..........................................................................2N what $ou haveF9e$s' (, cards' passes' etc.......................................................................2N what $ou 9nowF.()s' etc..................................................................................................2N who $ou areFvisual reco#nition' biometrics' etc................................................................2N 1.14.1 ,ual authentication..................................................................................................2K 1.14.2 -lectronic access control s$stems...........................................................................2K see9 specialist advice when selectin# -ACD' and..............................................................2K use a desi#ner or installer recommended b$ the manufacturer to desi#n and commission them........................................................................................................................................ 2K /he )ational (nstitute of Dtandards and /echnolo#$ +D ,ept of Commerce% publication' A 0ecommendation for the +se of .(V Credentials in .h$sical Access Control D$stems .ACD%' and ......................................................................................................................................... 30 AD A1NA!2010 .rotocol for li#htwei#ht authentication of identit$ .*A(,%' which #ives advice on confirmin# identit$ for access to lo#ical s$stems................................................................30 1.14.3 (dentit$ cards...........................................................................................................30 worn b$ emplo$ees and clearl$ displa$ed at all times in a#enc$ premises.........................30 uni?uel$ identifiable' and....................................................................................................30 audited re#ularl$ in accordance with the a#enc$@s ris9 assessment....................................30 card ma9in# e?uipment' and...............................................................................................30 spare' blan9 or returned cards............................................................................................30 1.1A 1.1B (nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems..................31 Visitor control............................................................................................................... 31
are able to show a suitable form of identification.................................................................31 have a le#itimate need for unescorted entr$ to the area' and.............................................31 have the appropriate securit$ clearanceG see the Australian 7overnment personnel securit$ protocol................................................................................................................................... 31 worn at all times.................................................................................................................. 31 collected at the end of the visit............................................................................................31 disabled on return if the passes #ive access to an$ a#enc$ access control s$stems' and. 31 chec9ed at the end of the da$ and' where the passes are reusable' action ta9en to disable and recover an$ not returned. ................................................................................................31 facilit$ reception areas' or...................................................................................................32 entr$ to individual securit$ Pones........................................................................................32 1.1B.1 Visitor re#isters........................................................................................................32 the name of the visitor.........................................................................................................32
vii
the visitor@s a#enc$ or firm or' in the case of private individuals' their private address........32 the name of the emplo$ee to be visited...............................................................................32 the times of the visitor@s arrival and departure' and.............................................................32 the reason for visit............................................................................................................... 32 1.1B.2 0emoval of persons from a#enc$ premises.............................................................32 advise the person that the officer is a person authorised under the .ublic 8rder .rotection of .ersons and .ropert$% Act 1KJ1' or an Authorised Commonwealth 8fficer under the Crimes Act 1K14................................................................................................................................. 32 initiall$ see9 the person@s cooperation to cease the behaviour and"or to leave the premises ............................................................................................................................................... 32 as9 the person to stop the behaviour and warn them the$ could be re?uired to leave the premises immediatel$.............................................................................................................32 if the person does not stop the unacceptable behaviour' advise them that due to their behaviour the a#enc$ head' person authorised or an Authorised Commonwealth 8fficer is withdrawin# permission for them to be on the premises.........................................................33 re?uest the person to leave the premises immediatel$' and...............................................33 warn the person that the police will be called if the$ remain' and of the possible le#al conse?uences of non2compliance with the re?uest to leave...................................................33 1.1B.3 Access b$ the media...............................................................................................33 a desi#nated emplo$ee should accompan$ media representatives throu#hout the visit.....33 securit$ classified information is loc9ed awa$ preferable% or at least protected from view. 33 additional restrictions are considered when appropriate' such as handin# in mobile phones and other recordin# and communications e?uipment' and......................................................33 the a#enc$ media liaison unit or public affairs area is consulted about the arran#ements. ............................................................................................................................................... 33 1.1J 0eceptionists and #uards.............................................................................................33 1.1J.1 8ut2of2hours #uardin#.............................................................................................34 for Ione /hreeFwithin ever$ four hours' and.....................................................................34 for other areas based on an a#enc$@s ris9 assessment......................................................34 1.1N *oc9s and door hardware.............................................................................................34 1.1N.1 *oc9s....................................................................................................................... 34 secure all access points to their premises includin# doors and operable windows' usin# commercial #rade or DC-C2approved loc9s and hardwareG these loc9s ma$ be electronic' combination or 9e$ed..............................................................................................................3A #ive combinations' 9e$s and electronic to9ens the same level of protection as the most valuable information or ph$sical asset contained b$ the loc9' and..........................................3A use DC-C2approved loc9s and hardware in Iones &our and &ive' see the DC-C Decurit$ -?uipment Catalo#ue.............................................................................................................3A AD 414A.2!200N *oc9sets and hardware for doors and windowsF6echanical loc9sets for doors and windows in buildin#s..............................................................................................3A
viii
1.1N.2 Qe$in# s$stems.......................................................................................................3A le#al controls' for e>ample re#istered desi#ns' patents......................................................3A levels of difficult$ in obtainin# or manufacturin# 9e$ blan9s and the machiner$ used to cut duplicate 9e$s' and.................................................................................................................3A levels of protection a#ainst compromise techni?ues' for e>ample pic9in#' impressionin#' decodin#................................................................................................................................. 3A the level of protection provided a#ainst common forms of compromise .............................3A the len#th of le#al protection offered b$ the manufacturer .................................................3A supplier protection of a#enc$ 9e$in# data within supplier facilit$.........................................3A the transferabilit$ of the s$stem and an$ associated costs' and..........................................3A commissionin# and on#oin# maintenance costs.................................................................3A 1.1N.3 Qe$ control..............................................................................................................3J 9e$ number......................................................................................................................... 3J name' position and location of person holdin# the 9e$........................................................3J date and time issued' and...................................................................................................3J date and time returned or reported lost...............................................................................3J mana#ers should approve the removal' and.......................................................................3J a#encies should increase the fre?uenc$ of 9e$ audits........................................................3J 1.1N.4 Combination settin#s...............................................................................................3N when a container is first received b$ the a#enc$.................................................................3N after servicin# the loc9........................................................................................................ 3N after a chan#e of custodian or other person 9nowin# the combination................................3N when there is reason to believe the settin# has been' or ma$ have been' compromised....3N in an$ case' not less fre?uentl$ than ever$ si> months' or..................................................3N when the container is disposed of b$ resettin# the loc9 to the manufacturer@s settin#.........3N 1.1N.A ,oors....................................................................................................................... 3N solid core timber.................................................................................................................3N metal framed insert panel...................................................................................................3N metal clad solid core or hollow core....................................................................................3N #lass swin# openin#............................................................................................................ 3N rotatin# #lass' and..............................................................................................................3N #lass slidin#' sin#le and double..........................................................................................3N 1.1K CC/V covera#e........................................................................................................... 3K site access points' includin# internal access to hi#her securit$ Pones ...............................3K full site perimeter covera#e' or............................................................................................3K access to specific ph$sical assets or wor9 areas................................................................3K
i>
how its use fits into the conte>t of the overall securit$ plan of the site.................................3K the t$pe of incident anticipated and in what wa$ it will be e>pected to help the response to these incidents........................................................................................................................ 3K the need to advise staff and clients that it is in use on the premises' and...........................3K the functional re?uirement..................................................................................................3K AD 4N0B Det!200N CC/V Det!............................................................................................40 AD 4N0B.1!200B Closed circuit television CC/V%F6ana#ement......................................40 AD 4N0B.2!200B Closed circuit television CC/V%FApplication #uidelines........................40 AD 4N0B.3!200B Closed circuit television CC/V%F.A* si#nal timin#s.............................40 AD 4N0B.4!200N Closed circuit television CC/V%F0emote video.....................................40 1.20 1.21 Decurit$ li#htin#............................................................................................................ 40 .erimeter access control..............................................................................................40
fences and walls.................................................................................................................40 pedestrian barriers' and......................................................................................................40 vehicular barriers................................................................................................................40 1.21.1 &ences and walls.....................................................................................................41 :D1J22F12!200B &ences 2 Dpecification for steel palisade fences...................................41 :D1J22L14!200B &encesFDpecification for open mesh steel panel fences ......................41 AD 1J2A!2003 Chain2lin9 fabric securit$ fencin# and #ates Chain lin9 fences provide minimal securit$ unless used in conMunction with other securit$ measures such as .(,D%......41 AD")ID 301B!2002 -lectrical installationsF-lectric securit$ fences..................................41 1.21.2 .edestrian barriers..................................................................................................41 1.21.3 Vehicle barriers.......................................................................................................41 1.22 Decurit$ containers and cabinets.................................................................................41 the level of classification.....................................................................................................42 the value and attractiveness of the information or ph$sical assets to be stored..................42 the location of the information or ph$sical assets within a facilit$........................................42 the structure and location of the buildin#.............................................................................42 access control s$stems' and...............................................................................................42 other ph$sical protection s$stemsFfor e>ample' loc9s and alarms....................................42 lower the li9elihood of compromise of information when ph$sical assets are stolen' and....42 help investi#ators determine the reason for an$ incidents involvin# unauthorised access.. 42 compromise of the a##re#ation of information on the ph$sical asset' or ............................42 loss of the ph$sical asset...................................................................................................42 1.22.1 DC-C2approved securit$ containers........................................................................42
>
Class AF,esi#ned to protect information that has an e>treme or catastrophic business impact level in hi#h ris9 situations. /hese containers are e>tremel$ heav$ and ma$ not be suitable for use in some buildin#s with limited floor loadin#s..................................................42 Class :F,esi#ned to protect information that has an e>treme or catastrophic business impact level in low ris9 situations and information that has a hi#h or ver$ hi#h business impact level in hi#her ris9 situations. /hese containers are robust filin# cabinets or compactuses fitted with a combination loc9. /here are broadl$ two t$pes!..................................................42 heav$ t$pes suitable for use where there are minimal other ph$sical controls' and ...........42 li#hter models desi#ned for use in conMunction with other ph$sical securit$ measures. .....42 Class CF,esi#ned to protect information that has up to an e>treme business impact level in low ris9 situations' and information that has a medium business impact level in hi#her ris9 situations. /hese containers are fitted with a DC-C2approved restricted 9e$ed loc9 and are of similar construction to the li#hter Class : containers..............................................................42 information with a low to medium business impact and a DC-C2approved container is not re?uired' or ............................................................................................................................ 43 hi#her level information within a DC-C2approved securit$ room.........................................43 1.22.2 Commercial safes and vaults..................................................................................43 fire resistant either document or data%...............................................................................43 bur#lar$ resistant' or........................................................................................................... 43 a combination of both..........................................................................................................43 :asic! suitable for homes' small businesses' offices' etc....................................................43 Commercial! suitable for medium retail' real estate a#ents' etc..........................................43 6edium securit$! suitable for lar#e retail' post offices' etc..................................................43 =i#h securit$! suitable for financial institutions' clubs' etc...................................................43 ->tra hi#h securit$ vaults onl$%! suitable for hi#h volume financial institutions' etc............43 -) 144A0FDecure stora#e units. 0e?uirements' classifications and methods of test for resistance to bur#lar$. Decure safe cabinets.........................................................................43 +* BNJF:ur#lar$2resistant safes.......................................................................................43 +* J2F/ests for fire resistance of records protection e?uipment.......................................43 J(D D 103JFDtandard fire test............................................................................................43 QD7 4A00F&ire resistant...................................................................................................43 1.22.3 Vehicle safes........................................................................................................... 44 1.23 1.24 Decurit$ rooms' stron#rooms and vaults......................................................................44 8ther controls..............................................................................................................4N
1.24.1 Vehicle immobilisation.............................................................................................4K automatic immobilisation of a vehicle when not in use and re?uires the 9e$ or electronic to9en to start the vehicle' or....................................................................................................4K remote immobilisation' normall$ in conMunction with a remote trac9in# and alarm s$stem that can disable a vehicle while in use....................................................................................4K
>i
1.24.2 &ront counters and interview or meetin# rooms......................................................4K 1.24.3 6ailrooms and deliver$ areas..................................................................................4K 1.24.4 /echnical surveillance counter measures and audio securit$..................................4K before an event................................................................................................................... 4K as part of a pro#rammed technical securit$ inspection or surve$' or...................................4K as a result of a concern followin# a securit$ breachFfor e>ample' the unauthorised disclosure of a sensitive discussion........................................................................................4K areas where /8. D-C0-/ discussions are re#ularl$ held' or the compromise of other discussions ma$ have a catastrophic business impact' and ..................................................A0 before conferences and meetin#s where /8. D-C0-/ discussions are to be held. .........A0 1.24.A Conference securit$................................................................................................A0 prevent unauthorised people #ainin# access to official information or ph$sical assets.......A0 protect the people attendin# the conference.......................................................................A0 protect propert$ from dama#e' and.....................................................................................A0 ensure the proceedin#s are conducted without disruption..................................................A0 Physical security elements in administrati#e security..........................................................%1 a#enc$ personnel transportin# small ph$sical assets and information out of a#enc$ premises' or transferrin# hard cop$ information to other a#encies usin#!...............................A1 securit$ briefcases..............................................................................................................A1 sin#le use pouches............................................................................................................. A1 reusable pouches and containers' and...............................................................................A1 seals................................................................................................................................... A1 destruction of classified information' usin#' for e>ample' disinte#rators and shredders......A1 1.2A /ransportin# information and ph$sical assets..............................................................A1 1.2A.1 Valuable ph$sical assets.........................................................................................A1 1.2A.2 Classified information..............................................................................................A1 paper envelopes and seals for inner envelopes' or ............................................................A2 outer envelopes in double envelopin#.................................................................................A2 1.2B ,estruction e?uipment.................................................................................................A2 shreddin#............................................................................................................................ A2 pulverisin#' and................................................................................................................... A2 disinte#ratin#...................................................................................................................... A2 .DC )o. A3 ->ternal ,estruction of )ational Decurit$ Classified 6atter' and....................A2 .DC )o. J3 Classified Haste ,estruction.........................................................................A2 1.2B.1 Dhredders................................................................................................................A2 Class A shredder! ma>imum particle siPe 1 mm > 20 mmFsuitable for all levels of business impact..................................................................................................................................... A3
>ii
Class : shredder! ma>imum particle siPe 2.3 mm > 2A mmFsuitable for business impact levels up to and includin# hi#h................................................................................................A3 Anne& A' Physical security measures checklist....................................................................% slab2to2slab construction at all e#ress points' or.................................................................AA tamper evident ceilin#' or ...................................................................................................AA Construction to AD(8 /echnical )ote L .h$sical Decurit$ of (ntruder 0esistant Areas"D02 roomsF6edium 6%...............................................................................................................AA Anne& B' Summary of e(ui)ment tested *y the Security Construction and +(ui)ment Committee and guidelines to assist agencies in selecting commercial e(ui)ment ..................................................................................................................................... ,3 Anne& C' Summary of -urisdictional guard licencing legislation.........................................,, Anne& .' /egislation co#ering CC01 installation and usage...............................................,2 Anne& +' Safe and #ault ty)es................................................................................................,3 :ur#lar$ resistant ............................................................................................................... BK &ire resistant documents%.................................................................................................BK 6edia data% safes ............................................................................................................. BK
>iii
Amendments
4o. 1. 2. 3. 4. A. B. J. .ate Deptember 2011 Deptember 2011 ,ecember 2011 ,ecember 2011 Deptember 2012 Deptember 2012 Deptember 2012 /ocation /able 3 and Dection A.B Anne> A 2 access control .a#e 40 A.A.2 /able 4 and A.3.2 +pdate 1.3.1 and remove Anne> : A.1A.A Conference securit$ Amendment Clarif$ re?uirements for interoperabilit$ of DAD and -ACD Correct dual authentification re?uirement to Ione A onl$ 0eplace reference to Esevere@ business impact with Ee>treme@. Correct Australian Dtandard reference from AD4N1A to AD41NA (nclude reference to /$pe 1 documentation in certification re?uirement 0eference PSPFGlossary of Terms +pdate reference to Australian Government physical security management guidelinesEvent Security
>iv
Introduction
1.1 Pur)ose
/he Australian Government physical security management guidelinesSecurity zones and risk mitigation control measures provide #uidance on achievin# a consistent approach to determinin# ph$sical securit$ controls in a#enc$ facilities. /he$ aid a#encies to protect their people' information and ph$sical assets.
1.2
Audience
/his document is intended for! Australian 7overnment securit$ mana#ement staff contractors to the Australian 7overnment providin# ph$sical securit$ advice and services' and an$ other bod$ or person responsible for the securit$ of Australian 7overnment people' information or ph$sical assets.
1.3
Sco)e
/hese #uidelines relate to ph$sical securit$ measures! within Australian 7overnment facilities facilities handlin# Australian 7overnment information and ph$sical assets' or where Australian 7overnment emplo$ees are located.
4ote! Hhere le#islative re?uirements are hi#her than controls identified in these #uidelinesF le#islative controls ta9e precedence and are to be applied. A#encies are to protect an$ information or ph$sical assets provided b$ another #overnment in accordance with international a#reements' see PSPFGovernance arrangements4 !" #nternational security agreements. /hese #uidelines include advice on the Australian 7overnment@s e>pectations for the protection of Australian information and ph$sical assets b$ forei#n #overnments.
to which a#encies cannot #ive a polic$ e>ception' or used in other protective securit$ documents that set controls
Eare to@ or Eis to@Fare directions re?uired to support compliance with the mandator$ re?uirements of the ph$sical securit$ core polic$' and Eshould@Frefers to better practiceG a#encies are e>pected to appl$ better practice unless there is a reason based on their ris9 assessment to appl$ alternative controls.
&or details on polic$ e>ceptions see the Australian Government physical security management protocol' section 1.4. Additional terms used in these #uidelines are defined in the PSPFGlossary of Terms.
Background
1.4 5hy the guidelines 6ere de#elo)ed
/he Australian Government physical security management guidelinesSecurity zones and risk mitigation control measures provide a consistent and structured approach to determinin#! the business impact of information' people and ph$sical assets the level of control re?uired to!
meet the threat environment #ive suitable protection to information' people and ph$sical assets provide assurance to other a#encies for information sharin#' and the t$pes of controls that are suitable.
/he #uidelines will! aid in establishin# consistent terminolo#$ for ph$sical securit$ across the Australian 7overnment' and #ive a#encies a framewor9 for the assurance needed to share information and ph$sical assets.
1.A
/hese #uidelines support the implementation of the .rotective Decurit$ .olic$ &ramewor9 .D.&%. (n particular' the$ support the Australian Government physical security protocol. /he$ are part of a suite of documents that aid a#encies to meet their ph$sical securit$ re?uirements. /he protocol and #uidelines are available from www.protectivesecurit$.#ov.au.
1.B
/hese #uidelines are broadl$ divided into four sections! ris9 miti#ation and assurance measures the Decurit$ Iones methodolo#$ and re?uirements details of individual control measures' and a chec9list for a#encies reviewin# ph$sical securit$ measures.
1.J
A#encies are to underta9e a full securit$ ris9 assessment in accordance with! the Australian Dtandard AD")ID (D8 31000!200K $isk %anagement & Principles and guidelines' and the Australian Dtandards =: 1BJ!200B Security risk management
when decidin# which ris9 miti#ation controls are re?uired. Dee PSPFGovernance arrangementsSecurity risk management 78V2B%. A summar$ of the steps used to identif$ and value assets includin# information and people%' determine and miti#ate the ris9s of compromise or loss of inte#rit$ or unavailabilit$ of those assets is in &i#ure 1. /he full ris9 mana#ement process is detailed in =: 1BJ!200B Security risk management.
,etermine the business impact level of the compromise' loss of inte#rit$ or unavailabilit$ of the assets criticalit$ and conse?uence%
(dentif$ a#enc$ specific threats to assets includin# natural and man2made threats
Dpecialist advice should be sou#ht about the ris9 of natural disasters and suitable miti#ation strate#ies when selectin# sites. A#encies at ris9 from natural disasters should select securit$ products that protect a#ainst these when hardenin# facilities a#ainst ph$sical securit$ ris9s. Some threats to facilities that may re(uire additional )hysical controls /he followin# list identifies some possible additional threats that ma$ increase the li9elihood of compromise of information or ph$sical assets' or harm to people within a#encies. /his list is indicative' not definitive! Agency )rogramsFinherent ris9s in a#enc$ pro#rams. Pu*lic kno6ledge of facility usesFran#in# from no public 9nowled#e to full public 9nowled#e of contentious pro#rams underta9en at the facilit$. /e#el of neigh*ourhood crimeFran#in# from occasional minor crime to re#ular maMor or or#anised crime. Client #iolenceFran#in# from occasional non2confrontational contact with clients to re#ular client contact which ma$ lead to violence. Pu*lic #iolenceFran#in# from little to no public contact to re#ular public protests that ma$ be violent. 0errorismFwhich ma$ lead to violence a#ainst personnel or facilities' or covert access to sensitive information. Shared facilitiesFran#in# from sin#le use facilities to co2tenancies with private hi#h ris9 tenants. Hor9 areas within an a#enc$ with diverse pro#rams ma$ also be considered as sharin# facilities%. Attracti#eness of information and )hysical assetsFran#in# from little value to information and ph$sical assets that are attractive to #roups of securit$ concern' includin# forei#n intelli#ence services' issue motivated #roups' trusted insiders.
1.N
/o encoura#e information and ph$sical asset sharin#' a#encies need to have a hi#h level of assurance that other a#encies will suitabl$ protect their information and assets. A#encies are to determine business impact of the compromise' loss of inte#rit$ or unavailabilit$ of their information and assets as part of the securit$ ris9 assessment to determine the assurance the$ re?uire. An a#enc$@s ris9 assessment ma$ identif$ the need for securit$ control measures that e>ceed the minimum control measures for securit$ classified information. /able 1 #ives broad descriptions of business impact levels. &or details on determinin# business impact levels see the Australian Government protective security governance guidelines 'usiness impact levels.
0a*le 1' Business im)act le#els Business im)act *ow .escri)tion Could be e>pected to harm #overnment a#enc$ operations' commercial
entities or members of the public 6edium Could be e>pected to cause limited dama#e to national securit$' #overnment a#enc$ operations' commercial entities or members of the public Could be e>pected to dama#e #overnment a#enc$ operations' commercial entities or members of the public Could be e>pected to dama#e national securit$ Could be e>pected to seriousl$ dama#e national securit$ Could be e>pected to cause e>ceptionall$ #rave dama#e to national securit$
1.K
A#encies are to evaluate each of their sites separatel$. /hese ma$ be further subdivided into separate wor9 areas where there is considerable variation in ris9s to each wor9 area. A site securit$ plan documents measures to counter identified ris9s to an a#enc$@s functions' information' people and ph$sical assets at a desi#nated site. A#encies are to evaluate the different ris9s to their facilities' people' information functions and ph$sical assets durin# business hours and out2of2hours. Controls needed durin# operatin# hours should ta9e into account the increased ris9s from public and client contact as well as insider threats. Hhile these ris9s still e>ist out2of2hours' there ma$ be a hi#her ris9 from e>ternal sources such as brea9 and enters. A#encies are to assess the impact of the compromise' loss of inte#rit$ or unavailabilit$ of their site securit$ plans to their securit$ and operations' and appl$ a suitable ,issemination *imitin# 6ar9er ,*6% or securit$ classification. Dee the Australian Government information security management guidelinesSecurity classification system. A site securit$ plan should include! measures that are scalable to meet increases in threat levels the location and nature of the site whether the a#enc$ has sole or shared ownership or tenanc$ of the site whether the public or other non2a#enc$ personnel have a ri#ht of entr$ to the site
what securit$ classification of information is to be stored' handled' processed or otherwise used in each part of the site (C/ assets' includin#' but not limited to' data' software' hardware and portable e?uipment such as laptops' personal electronic devices (C/2related e?uipment for e>ample' file servers' wor9stations' terminals' main distribution frames and cablin#% and utilities an$ other resources that will be on the site an indication of whether ever$ part of the site is intended to have the same level of securit$ what protective measures will be re?uired for!
the site as a whole particular areas within the site for e>ample' part of a floor which will hold information of a hi#her classification than the rest of the site% what differin# measures will be re?uired for!
stora#e' handlin# and processin# of securit$ classified information' and securit$ classified or otherwise sensitive discussions and meetin#s.
/he effectiveness of securit$ elements will influence! probabilit$ of detectionFthe cumulative probabilit$ of detectin# an adversar$
0ime needed *y )hysical security systems Alarm ,ispatch response ,etection and assessment of breach
cumulative dela$Fthe combined minimum dela$ time alon# the adversar$ path responseFthe time for a response to reach a point of detection' and interruptionFoccurs when the response time is less than the dela$ provided' measured from the first point of detection.
&urther information on appl$in# critical path anal$sis is available in Physical Protection Systems b$ 6ar$ *$nn 7arcia and the companion assessment tool.
Security !ones
Decurit$ Iones provide a methodolo#$ for ph$sical securit$ miti#ation based on the securit$ ris9 assessment. /he Iones are a #uide to developin# a facilit$' buildin# and rooms ph$sical securit$ plan. Application of re?uirements based on the business impact level of an$ compromise' loss of inte#rit$ or unavailabilit$ of information and ph$sical assets within Pones #ives assurance in information and asset sharin# arran#ements. /he primar$ outcomes of the Pones methodolo#$ are to #ive a scalable level of protection from! unauthorised or covert access' and forcible attac9.
/he ph$sical securit$ measures in hi#her level Pones should include tamper evidence and also be! hi#hl$ resistant to covert attac9 to protect information' or hi#hl$ resistant to forcible attac9 to protect assets.
&or further information see *a$erin# of Iones. /able 2 provides broad descriptions of the functions that a#encies can underta9e in the Iones' the information and assets the$ can handle and store in the Iones' and some e>amples of Decurit$ Iones. 0a*le $' Security !ones
!one ty)e Ione 8ne .escri)tion .ublic access areas Ione includes perimeter access control measures. Dtora#e of information and ph$sical assets with low to medium business impact levels needed to do business. +se of information and ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a hi#h or ver$ hi#h business impact is permitted. Dtora#e not recommended but is permitted if unavoidable. +se of information and ph$sical assets above ver$ hi#h onl$ under e>ceptional circumstances with approval of the ori#inatin#"ownin# a#enc$. )o stora#e permitted. /he inner perimeter of Pone one ma$ move to the buildin# or premise perimeter out of hours if e>terior doors are secured.% +&am)les :uildin# perimeters and public fo$ers. (nterview and front2des9 areas where there is no se#re#ation of staff from clients and the public. 8ut2of2office temporar$ wor9 areas where the a#enc$ has no control over access. &ield wor9 includin# most vehicle2based wor9. ->hibition areas with no securit$ controls. .ublic access parts of multi2buildin# facilities.
10
.escri)tion +nrestricted emplo$ee and contractor access with restricted public access. Dtora#e of information and ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to ver$ hi#h is permitted. +se of information and ph$sical assets with an e>treme business impact is permitted' but not normall$ stored in area. )o stora#e of these assets without ori#inator@s approval. +se of information and ph$sical assets with a catastrophic business impact onl$ under e>ceptional circumstances to meet operational imperatives with approval of the ori#inatin# a#enc$. )o stora#e permitted. /he outer perimeter of Ione /wo ma$ move to the buildin# or premise perimeter out of hours if e>terior doors are secured.% *imited emplo$ee and contractor access with escorted or closel$ controlled visitors onl$. (f securit$ classified information is held' all emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information the$ access in the Ione. Dtora#e of information or ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to e>treme is permitted. +se of information with catastrophic impact level is permitted' but not normall$ stored in area.
+&am)les )ormal a#enc$ office environments. )ormal out2of2office or home2based wor9sites where the a#enc$ has control of access to the part of the site used for a#enc$ business. 6ilitar$ bases and airside wor9 areas. (nterview and front2des9 areas where there is se#re#ation of staff from clients and the public. Court houses. Vehicle2based wor9 where the vehicle is fitted with a securit$ container' alarm and immobiliser. ->hibition areas with securit$ controls and controlled public access.
Ione /hree
Decurit$ areas within a#enc$ premises with additional access controls on staff. ->hibition areas for ver$ valuable assets with specific item asset protection controls and closel$ controlled public access. Areas used to store art wor9s or items of cultural si#nificance when not on displa$. Court rooms.
11
.escri)tion Dtrictl$ controlled emplo$ee access with personal identit$ verification as well as card access. 8nl$ contractors and visitors with a need to 9now and closel$ escorted #iven access. (f securit$ classified information is held' all emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information held in the Ione. Dtora#e of information of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to e>treme is permitted. Dtora#e of or ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to catastrophic is permitted. +se of information with catastrophic impact level is permitted' but not normall$ stored in area. /hese areas are normall$ onl$ constructed as an alternative to Ione /hree where the facilit$ also has a Ione &ive.% Dtrictl$ controlled emplo$ee access with personal identit$ verification as well as card access. 8nl$ contractors and visitors with a need to 9now and closel$ escorted #iven access. All emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information held in the Ione. Dtora#e of information classified /8. D-C0-/' Codeword information or lar#e ?uantities of other information where the compromise' loss of inte#rit$ or unavailabilit$ of the a##re#ate of the information would have a catastrophic business impact.
+&am)les Decurit$ areas within a#enc$ premises with additional access controls on staff. ->hibition areas for ver$ valuable assets with specific item asset protection controls and closel$ controlled public access. Areas used to store art wor9s or items of cultural si#nificance when not on displa$.
Ione &ive
12
Dee the Australian Government protective security governance guidelines'usiness impact levels. A#encies holdin# information or ph$sical assets of which the compromise' loss of inte#rit$ or loss of availabilit$ would have an e>treme business impact ma$ choose to use Iones /hree or &our for all their #eneral staff access areas' rather than Ione /wo. A#encies with information of which the compromise' loss of inte#rit$ or loss of availabilit$ would have a catastrophic business impact ma$ choose to use Ione &our for all their #eneral staff access.
13
14
1.K.4
one requirements
A#encies are to use controls to treat their identified ris9s. /he$ are to then appl$ the controls in the followin# table which identifies the re?uirements for each Pone to #ive assurance in information or ph$sical asset sharin# arran#ements. /he Pone re?uirements provide a level of assurance a#ainst! the compromise' loss of inte#rit$ or unavailabilit$ of information' and the compromise' loss or dama#e of ph$sical assets.
/hese obMectives ma$ not encapsulate all t$pes of protection re?uired for people' information and ph$sical assets. A#encies should determine additional treatments based on their ris9 assessments. Ione re?uirements are detailed in /able 3.
1A
0a*le 3' !one re(uirements &urther details on each t$pe of control can be found in section A b$ followin# the lin9s in control components below%.
Control com)onents :uildin# construction /e#el of assurance re(uired for information and )hysical asset sharing !one :ne ,etermined b$ an a#enc$@s ris9 assessment !one 06o .uring *usiness hours )ormal construction to the Australian :uildin# Code :ut;of;hours )ormal construction and! Dlab2to2slab construction' or tamper evident ceilin#s' or construction to AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ $ooms ,etermined b$ an a#enc$@s ris9 assessment' recommended for office environments AD 2201 Class 3L4 alarm which should be hard wired within the Ione !one 0hree Construction! to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or information onl$' or usin# elements tested to AD 3AAA.1L2003 level 4 or above for valuable ph$sical assets !one 7our Construction! to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or information onl$' or usin# elements tested to AD 3AAA.1L2003 level 4 or above for valuable ph$sical assets !one 7i#e Construction to! AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms' and Supplement to the Technical -ote & Physical Security of T)P SE*$ET areas
AD 2201 Class A alarm which should be hard wired within the Ione use of DC-C approved detection devices is recommended%
,etermined b$ an a#enc$@s ris9 assessment response should be within the achieved dela$ from other ph$sical securit$ measures%
1B
Control com)onents
Access control s$stems1
/e#el of assurance re(uired for information and )hysical asset sharing !one :ne ,etermined b$ an a#enc$@s ris9 assessment !one 06o ,etermined b$ an a#enc$@s ris9 assessment' recommended for office environments (, card re?uired for access Commercial loc9in# s$stem !one 0hree (, card and sectionalised access control s$stem !one 7our (, card and sectionalised access control s$stem with full audit trail !one 7i#e (, card and sectionalised access control s$stem with ,ual authentication
*oc9s
,etermined b$ an a#enc$@s ris9 assessment. A#enc$@s buildin#s should be loc9ed out of hours ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
Qe$in# s$stems
Commercial restricted 9e$in# s$stem recommended ,etermined b$ an a#enc$@s ris9 assessment (f a DAD and separate -ACD are used the DAD cannot be disabled b$ the access control s$stem Visitor re#ister with visitors escorted in sensitive parts of facilit$
DC-C approved 9e$in# s$stem Alarm cannot be disabled b$ the access control s$stem
DC-C approved 9e$in# s$stem *imited one wa$ in accordance with the Type ! SAS for Australian Government #ntegration specification
DC-C approved 9e$in# s$stem /he alarm is a standalone s$stem and ma$ disable access control s$stem when activated
Visitor control
,etermined b$ an a#enc$@s information holdin#s' see /able A! Delectin# securit$ containers or rooms to store official information ,etermined b$ an a#enc$@s ph$sical asset holdin#s' see /able B! Delectin# safes or vaults to protect valuable ph$sical assets ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
1J
/e#el of assurance re(uired for information and )hysical asset sharing !one :ne !one 06o !one 0hree !one 7our !one 7i#e ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
8ther controls to address ,etermined b$ an a#enc$@s ris9 assessment. Dome e>amples of additional control measures for specific ris9s are at /able J! specific ris9s Additional controls to address specific ris9s 4otes'
1. A#encies are to use sectionalised alarm and access control s$stems when there are Iones /hree and above in a facilit$. /he alarm and access control
2. 3. s$stems are to meet the needs of the hi#hest Ione in the facilit$. Alternativel$ a#encies ma$ use separate alarm and access control s$stems for different Iones. 8ut2of2hours #uards' performin# re#ular information container and ph$sical asset inspections and patrols of facilities ma$ be a suitable replacement for an alarm s$stem in Iones 8ne to /hree. 0esponse time for off2site #uards should be less than the dela$ #iven b$ the total of other controls. (nteroperabilit$ of the alarm s$stem and electronic access control s$stems -ACD% is to meet the hi#hest re?uirement for all Pones covered b$ the alarm s$stem and -ACD. Hhere DC-C2approved /$pe 1 DAD are used' an$ inte#ration with buildin# mana#ement s$stems is to be in accordance with the Type ! SAS for Australian Government#ntegration specification /here ma$ be specific Murisdictional le#islation that applies to CC/V covera#e of public areas' see Anne> ,! *e#islation coverin# CC/V installation and usa#e. A#encies should ensure the$ use li#htin# that at least meets the minimum re?uirements for an$ CC/V s$stems used.
4. A.
1N
1K
A#enc$ securit$ ris9 assessment A#enc$ specific threat assessments e#. police threat assessment' etc Dite securit$ plan DC-C t$pe 1 alarm s$stem Commercial alarm s$stem
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant1'2'3 Duitabl$ ?ualified s$stem installer"desi#ner1 Duitabl$ ?ualified s$stem installer"desi#ner1 ADA )"A
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant1'2'3 Duitabl$ ?ualified s$stem installer"desi#ner1'2 Duitabl$ ?ualified s$stem installer"desi#ner1 ADA )"A
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant3 )"A
-lectronic access control s$stem 8ther Ione re?uirements4 Dite inspection and certification of suitabilit$ to hold /8. D-C0-/ Dite inspection and certification of suitabilit$ to hold information below /D Accreditation of overall measures
ADA
ADA
ADA
ADA
)"A
ADA
ADA
ADA
ADA
ADA
)otes! 1. (nclusion of an alarm s$stem and"or -ACD in Iones 8ne and /wo are at the a#enc$@s discretion. 2. (f 8ut2of2hours #uardin# patrols and"or commercial alarm s$stems are not used instead. 3. DC-C2endorsed securit$ Pone consultants are to desi#n and commission DC-C /$pe 1 DAD in accordance with the re?uirements of the Type ! SAS #mplementation and )peration Guide
20
21
/hese approved items are listed in the DC-C Security E1uipment *atalogue. -ven where not re?uired an a#enc$ ma$ still use DC-C2approved securit$ e?uipment' or use suitable commercial e?uipment that complies with identified securit$ related Australian or (nternational Dtandards' for the protection of people' information or ph$sical assets. /he DC-C is developin# the Security e1uipment evaluated product list and DC-C Guidelines on e1uipment selection which will pro#ressivel$ replace the D-C' see Anne> :! Dummar$ of e?uipment tested b$ the Decurit$ Construction and -?uipment Committee and #uidelines to assist a#encies in selectin# commercial e?uipment.
22
A#encies should include additional buildin# elements to address an$ specific ris9s identified in their ris9 assessment where buildin# hardenin# ma$ provide some level of miti#ation. &or e>ample! blast miti#ation measures forcible attac9 and ballistic resistance road and public access paths li#htin# in addition to securit$ li#htin#% hostile vehicle miti#ation' and elements of crime prevention throu#h environmental desi#n C./-,%.
0elated Australian Dtandards! AD 3AAA.1!2003 'uilding elementsTesting and rating for intruder resistance#ntruder5 resistant panels /his standard provides #uidance on ver$ hi#h #rade intruder resistance such as for hi#h securit$ vaults%. AD")ID 2343!1KKJ 'ullet5resistant panels and elements. Sla*;to;sla* construction /he use of slab2to2slab constructionFthat is' the walls are Moined directl$ to the floor and bottom of the ne>t floor or the roof structureFprevents access throu#h false ceilin#s. A#encies should use slab2to2slab construction at the perimeter of Iones includin# all access points. /he AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ $ooms provides details on methods to achieve slab2to2slab construction. As structural chan#es ma$ have an impact on the inte#rit$ of buildin#s' a#encies should see9 structural en#ineerin# advice before implementin# slab2to2slab construction. /he access points for Ione 8ne and /wo ma$ var$ between business and out of hoursG the Ione /wo access point ma$ move from an internal access point durin# business hours to the perimeter of the buildin# or premise out of hours. A#encies ma$ use access points for Ione /wo durin# business hours without slab2to2slab construction when the out2of2hours access point has slab2to2slab construction. Alternativel$ a#encies ma$ install an intruder2resistant la$er in the ceilin#' such as metal mesh' to address the problem of removable false ceilin# panels where the$ re?uire intrusion dela$ for specific rooms. /hese measures do not #ive an$ protection from over2hearin# and are not to be used where speech securit$ is needed. A#encies ma$ also use tamper2evident buildin# techni?ues to provide some indication of unauthorised access. Construction of !one 7i#e )erimeter &or further information on constructin# Ione &ive areas to store /8. D-C0-/ information or a##re#ation of information of which the compromise' loss of inte#rit$ or loss of availabilit$ ma$ cause catastrophic dama#e see! AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms' and Supplement to the Technical -ote & Physical Security of T)P SE*$ET Areas
23
-mplo$ees are to advise the ADA of an$ suspected compromise of .()s as soon as the suspected compromise is identified. /he ADA is to disable the .() and investi#ate an$ potential securit$ breach. &or details on conductin# an investi#ation see the Australian Government protective security governance guidelines$eporting incidents and conducting security investigations to be released shortl$. A#encies should have the default"en#ineerin# user codes removed from alarm s$stems at commissionin#. A#encies should develop appropriate testin# and maintenance procedures to ensure the alarm s$stem is continuall$ operational. Alarm s$stems can be broadl$ divided into two t$pes! perimeter or e>ternal% intrusion detection s$stems .(,D% or alarms' and internal securit$ alarm s$stems DAD%.
A#encies ma$ use out2of2hours #uard patrols instead of an alarm s$stem in all Iones up to and includin# Ione /hree' see 8ut2of2hours #uardin#.
24
Dee the DC-C Security E1uipment *atalogue. Contractors used to maintain these s$stems are to be cleared at the appropriate level for the information held within the Iones covered b$ the DAD in accordance with the Type ! SAS #mplementation and )peration Guide. A#encies contemplatin# the installation of a DC-C /$pe 1 DAD are to contact AD(82/4 to determine current applicable standards.
A#encies are to use AD 2201.1!200J Class A DAD' or DC-C /$pe1 DAD in Ione /hree areas. Alternativel$ a#encies ma$ use #uard patrols.
2A
(f a#encies use a commercial DAD in Ione /wo it should meet AD 2201.1!200J Class 3 or better. A#encies are to develop procedures to support the use' mana#ement' monitorin# and response arran#ements of a commercial #rade alarm s$stem. Hhere possible' a#encies should adopt the administration and mana#ement principles set out in the Type ! SAS #mplementation and )peration Guide An$ contractors used to maintain commercial DAD should be cleared to a level appropriate to the information to which the$ could reasonabl$ be e>pected to have incidental access in the Iones covered b$ the alarm s$stem. A#encies should use DC-C2approved detection devices in Ione /hree with a commercial DAD. /he$ ma$ use DC-C2approved detection devices in lower Iones covered b$ a commercial alarm s$stem. Dee the DC-C Security E1uipment *atalogue. A#encies should use a suitabl$ ?ualified desi#ner or installer to desi#n and commission an$ selected commercial alarm s$stems. 0elated Australian Dtandards! AD")ID 2201 Det!200N #ntruder alarm systems set!
AD")ID 2201.1!200J (ntruder alarm s$stemsFClient<s premisesF,esi#n' installation' commissionin# and maintenance AD 2201.2!2004 (ntruder alarm s$stemsF6onitorin# centres AD 2201.3!1KK1 (ntruder alarm s$stemsF,etection devices for internal use AD")ID 2201.A!200N (ntruder alarm s$stemsFAlarm transmission s$stems.
2B
Indi#idual duress alarm (ndividual or mobile duress alarms provide some deterrence to violence when emplo$ees are outside the office or circulatin# in public areas. .ersonal duress alarms fall into two broad cate#ories! remotel$ monitored duress alarms' and alarms that produce loud noise on activation.
0emotel$ monitored alarms are suitable for use within facilities where there is a dedicated monitorin# and response force. /he alarms consist of a personal alarm transmitter lin9ed to the facilit$' or a separate alarm s$stem. )oise producin# duress alarms rel$ on response b$ b$standers. /he$ are more suited for applications e>ternal to the a#enc$ facilities than monitored duress alarms where there could be considerable dela$ in response to the alarm. A#encies ma$ use these alarms within a facilit$ where the$ desire immediate notice of an incident b$ the people in the immediate area. <idden=fi&ed duress alarm &i>ed duress alarms are a t$pe of remotel$ monitored individual duress alarm. /he$ are normall$ hard wired and fi>ed to a location. A#encies should consider e?uippin# public contact areas' includin# the reception area' counters and interview rooms' with duress alarms where the ris9 assessment has identified a potential problem. =idden duress alarms should' enable emplo$ees to raise an alarm discreetl$' and be au#mented b$ procedures that provide an appropriate response.
A#encies should ensure that! all relevant staff are aware of and have re#ular trainin# and trials with the duress alarm the duress alarm is confi#ured as part of an intruder alarm s$stem that complies with AD")ID 2201 Det!200N' and the alarm panel is located within the protection Pones of the alarm s$stem in accordance with AD")ID 2201 Det!200N.
Additional information on installation and monitorin# of duress alarms is on the Hest Australian .olice webpa#e Standard code for supply and installation of hold5up and duress alarm devices.
2J
A#encies should see9 specialist advice when desi#nin# alarm s$stems for individual items.
-ach approach has advanta#es and disadvanta#es' and the precise method used will depend on the particular application in which access control is re?uired. Access control s$stems should provide identit$ validation b$ usin# authentication factors of! what $ou haveF9e$s' (, cards' passes' etc. what $ou 9nowF.()s' etc. who $ou areFvisual reco#nition' biometrics' etc.
2N
A#encies are to verif$ the identit$ of all people who are issued with access cards for their -ACD at the time of issue. Dee &urther information. A#encies are to re#ularl$ audit -ACD. Audits should occur in accordance with the a#enc$@s ris9 assessment to determine whether people with access have a continued need to access the s$stem and that an$ access for people who have left has been disabled"removed. Anti )ass *ack Anti pass bac9 is desi#ned to prevent misuse of access control s$stems. Anti pass bac9 establishes a specific se?uence in which access cards must be used for the s$stem to #rant access. Anti2pass bac9 controls ma$ also be achieved b$ lin9in# access control to various other access s$stems' such as information s$stems and other ph$sical access controls. 06o )erson access system Dome -ACD can be enabled to onl$ allow access to areas when two people are present and will activate an alarm if one leaves the area. /his is 9nown as a no2lone2Pone. (t re?uires two authorised people to access and e>it a desi#nated area.
2K
A#encies should consider usin# a two person access s$stem when the$ re?uire a ver$ hi#h level of assurance a#ainst compromise or loss of hi#hl$ classified information or e>tremel$ valuable ph$sical assets. 7urther information &or further advice on personal identit$ verification .(V% for access control s$stems see! /he )ational (nstitute of Dtandards and /echnolo#$ +D ,ept of Commerce% publication' A $ecommendation for the 6se of P#7 *redentials in Physical Access *ontrol Systems .ACD%' and AD A1NA!2010 Protocol for light3eight authentication of identity 8P9A#(:' which #ives advice on confirmin# identit$ for access to lo#ical s$stems.
/here are currentl$ no Australian Dtandards that provide #uidance on desi#nin# or installin# -ACD. /he +D &(.D 201 and Canadian CA)"+*C2D31K ma$ provide some #uidance. -ACD ma$ be inte#rated with electronic alarm s$stems. Dee (nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems.
A#encies should discoura#e emplo$ees from wearin# (, cards outside a#enc$ premises. (, cards should include a return address for lost cardsG it should not identif$ the facilit$ to which the card #ives access. A#encies ma$ include other information on (, cards to improve control of access' such as names' photo#raphs and colours. -ACD access cards can be used as (, cards. A#encies are to secure all! card ma9in# e?uipment' and spare' blan9 or returned cards
30
A#encies should consider an$one who is not an emplo$ee in a facilit$ or area' or has otherwise been #ranted normal access to the facilit$ or area' as a visitor. /his ma$ include emplo$ees from other areas of the a#enc$. A#encies are to issue visitors accessin# Iones /hree to &ive areas with visitor passes. A#encies should also issue visitors to Ione /wo with visitor passes when other controls to limit access are not in place. .asses are to be! worn at all times collected at the end of the visit disabled on return if the passes #ive access to an$ a#enc$ access control s$stems' and chec9ed at the end of the da$ and' where the passes are reusable' action ta9en to disable and recover an$ not returned.
31
A#encies are to record details of all visitors to Ione /hree to &ive areas. A#encies should also record visitor access to Ione /wo areas if other control measures are not in place. An a#enc$ emplo$ee or authorised person should escort visitors. A#encies ma$' based on their ris9 assessment' record visitor details at the! facilit$ reception areas' or entr$ to individual securit$ Pones.
/he visitor re#ister would normall$ be located at the facilit$ reception des9 unless the des9 is unmanned' in which case it should be held b$ a desi#nated emplo$ee within the facilit$. Hhere a#encies mana#e the control of access to specific areas at the entr$ to the area then those areas should have their own visitor re#isters.
32
if the person does not stop the unacceptable behaviour' advise them that due to their behaviour the a#enc$ head' person authorised or an Authorised Commonwealth 8fficer is withdrawin# permission for them to be on the premises re?uest the person to leave the premises immediatel$' and warn the person that the police will be called if the$ remain' and of the possible le#al conse?uences of non2compliance with the re?uest to leave.
(n most cases the person will a#ree to leave. (f the a#enc$ head' authorised person or an Authorised Commonwealth 8fficer assesses it is safe to do so the person should be accompanied until the$ have left. =owever' if the$ refuse to leave' the a#enc$ should contact the police immediatel$. )o emplo$ee or #uard is to attempt to ph$sicall$ remove a person from a#enc$ premises' unless permitted to do so under le#islation. /his would normall$ be left to a police officer. /he police contact telephone number should be available to all emplo$ees.
/he a#enc$ ma$ consider additional controls to be necessar$ for particular sites. (f an a#enc$ #rants permission for a visit to areas where securit$ classified information is bein# used or handled' the emplo$ee responsible for the media representatives is to remind them that no photo#raphs or recordin#s of an$ t$pe can be ta9en at an$ time durin# the visit e>cept with specific a#enc$ approval.
33
/he$ should be able to easil$ loc9 all access to the reception area and"or non2public areas of the buildin# in an emer#enc$. /he$ ma$ onl$ perform other duties' such as CC/V and alarm monitorin#' if it does not interfere with their primar$ tas9 of controllin# buildin# access throu#h the reception area. (f performin# other duties the$ are to be suitabl$ trained and competent. 0eceptionists and #uards are to have a method of callin# for immediate assistance if threatened Ffor instance' a duress alarm' radioFas the$ are most at ris9 from dis#runtled members of the public. A#encies are to identif$ an$ securit$ concerns for receptionists and #uards and people usin# a#enc$ reception areas in their securit$ ris9 assessment and miti#ate these concerns. &or further information on safe reception area desi#n see ComcareFVirtual 8fficeF0eception.
7uards should hold securit$ clearances at the hi#hest level of information to which the$ ma$ reasonabl$ be e>pected to have incidental contact. Dee the Australian Government protective security governance guidelinesSecurity of outsourced functions to be released shortl$% for details of securit$ elements to be included in contracts. :ut;of;hours guard res)onse A#encies ma$ use out2of2hours #uard services in response to alarms in all Iones. /he response time should be within the dela$ period #iven b$ the ph$sical securit$ controls. /he hi#hest level of assurance is #iven b$ 24"J on2site #uards who can respond immediatel$ to an$ alarms.
34
secure all access points to their premises includin# doors and operable windows' usin# commercial #rade or DC-C2approved loc9s and hardwareG these loc9s ma$ be electronic' combination or 9e$ed #ive combinations' 9e$s and electronic to9ens the same level of protection as the most valuable information or ph$sical asset contained b$ the loc9' and use DC-C2approved loc9s and hardware in Iones &our and &ive' see the DC-C Security E1uipment *atalogue.
A#encies ma$ use suitable commercial loc9in# s$stems in other areas. *oc9s are onl$ as stron# as the fittin#s and hardware surroundin# them. A#encies should also assess the level of protection needed from ,oors and frames when selectin# loc9s. Hhen usin# DC-C2approved loc9s a#encies should use DC-C2endorsed loc9smiths. 0elated Australian Dtandards! AD 414A.2!200N 9ocksets and hard3are for doors and 3indo3s%echanical locksets for doors and 3indo3s in 2uildings.
/he$ do this b$ usin# various controls such as! le#al controls' for e>ample re#istered desi#ns' patents levels of difficult$ in obtainin# or manufacturin# 9e$ blan9s and the machiner$ used to cut duplicate 9e$s' and levels of protection a#ainst compromise techni?ues' for e>ample pic9in#' impressionin#' decodin#.
Hhen selectin# a 9e$in# s$stem a#encies should evaluate! the level of protection provided a#ainst common forms of compromise the len#th of le#al protection offered b$ the manufacturer supplier protection of a#enc$ 9e$in# data within supplier facilit$ the transferabilit$ of the s$stem and an$ associated costs' and commissionin# and on#oin# maintenance costs.
A#encies are to use DC-C2approved 9e$in# s$stems in Iones /hree to &ive. Dee the DC-C Security E1uipment *atalogue. A#encies ma$ use DC-C2approved 9e$in# s$stems in other areas based on their ris9 assessment. Hhen usin# DC-C2approved 9e$in# s$stems a#encies should use DC-C2endorsed loc9smiths. (n Ione /wo a#encies are to use commercial restricted 9e$in# s$stemsFthat is' 9e$s that are not able to be readil$ copiedFor combination loc9s. A#encies should also use restricted 9e$in# s$stems in lower level applications where there is a ris9 of theft.
3A
A#encies should use mastered 9e$ s$stems with sufficient levels so that separate area master 9e$s control an$ loc9s within -ACD and"or alarm s$stem control points. &i#ure 3 outlines an indicative master 9e$in# tree. :efore selectin# a ?ualified loc9smith to provide a 9e$in# s$stem' a#encies should consider whether the 9e$in# s$stem is proprietar$ to the installin# loc9smith' or will incur a cost if transferred to another loc9smith.
3B
7igure 3' Indicati#e master keying tree 7rand master 9e$ Area master 9e$ *oc9 *oc9 9e$ ,ey control 9e$ 1.1N.3 *oc9 9e$ *oc9 9e$ *oc9 9e$ Area master 9e$ *oc9 9e$ *oc9 9e$ *oc9 9e$
A#encies should maintain a re#ister of all 9e$s held and issued. Qe$ re#isters should be appropriatel$ secured and onl$ available to authorised emplo$ees. 0e#isters should include! 9e$ number name' position and location of person holdin# the 9e$ date and time issued' and date and time returned or reported lost.
A#encies are to limit the number of' and strictl$ control' all master 9e$s as the loss of a master 9e$ ma$ re?uire the re29e$in# of all loc9s under that master. ADAs should control the issuin# of all #rand master 9e$s as the$ ma$ #ive access to all areas of a facilit$. A#encies should audit 9e$ re#isters to confirm the location of all 9e$s re#ularl$ in accordance with the a#enc$@s ris9 assessment. A#encies@ decisions to allow the removal of 9e$s from their facilities are to be based on their ris9 assessment as this si#nificantl$ increases the ris9 of loss. Hhere a#encies allow 9e$s to be ta9en out of their facilities! mana#ers should approve the removal' and a#encies should increase the fre?uenc$ of 9e$ audits.
A#encies should provide all emplo$ees with trainin# on their 9e$ mana#ement polic$. >ey ca*inets A#encies should locate 9e$ cabinets within a facilit$@s secure perimeter and where possible within the perimeter of the Ione where the loc9s are located. Qe$ cabinets ma$ be manual or electronic. Commercial #rade 9e$ cabinets provide ver$ little protection from forced or covert access. DC-C2approved Class : 9e$ cabinets provide the same level of protection as other DC-C2 approved Class : cabinets. -lectronic 9e$ cabinets ma$ have automatic audit capacit$ and replace the need to maintain a 9e$ re#ister. /he$ ma$ be able to be inte#rated into the -ACD. =owever' there are currentl$ no electronic 9e$ containers suitable for hi#h securit$ applications unless used in conMunction with other control measures such as locatin# the 9e$ container within a securit$ room or area covered b$ a securit$ alarm.
3J
-mplo$ees are to immediatel$ report the compromise or suspected compromise of a combination settin# to the ADA. A#encies should loc9 and service combination loc9s in accordance with the loc9 manufacturer@s instructions.
1.1N.A Doors
A#encies should select doors that provide a similar level of protection to the loc9s and hardware fitted. /here is si#nificant variation in commercial office door t$pes. /hese include' but are not limited to! solid core timber metal framed insert panel metal clad solid core or hollow core #lass swin# openin# rotatin# #lass' and #lass slidin#' sin#le and double.
Dolid core wooden or metal clad doors ma$ also have #lass or #rill insert panels. /he panels and fi>in#s are to provide the same level of protection as the door. ,oor t$pes and thic9nesses for Iones /hree to &ive are specified in the AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms Automatic slidin# #lass doors normall$ operate throu#h an electric motor and #uide fitted to the top of the door. Dome automatic slidin# #lass doors' particularl$ when unframed' ma$ be levered open either at the centre Moint for double slidin# doors or sides for double and sin#le slidin# doors. /his can ma9e them difficult to secure without fittin# drop bolts' lower #uides' and"or door Mambs.
3N
,omestic hollow core doorsFused for most internal domestic doorsFand domestic slidin# #lass doors provide ne#li#ible dela$ as the$ are easil$ forced. =owever' if fitted with appropriate loc9s the$ will provide a de#ree of intruder evidence when bro9en. Hhen selectin# securit$ doors' a#encies need to incorporate an$ re?uirements of the :uildin# Code of Australia and an$ disabilit$ access re?uirements. 0elated Dtandards! :D -)11A4!1KKJ 'uilding hard3are 5 *ontrolled door closing devices $e1uirements and test methods AD 414A.A 'uilding hard3are*ontrolled door closing devicesPart =+ $e1uirements and test methods ?soon to *e released@.
A#encies are to compl$ with all relevant Murisdictional le#islation as well as Commonwealth le#islation #overnin# CC/V usa#e. Dee Anne> ,! *e#islation coverin# CC/V installation and usa#e. CC/V monitorin# ma$ be event2activated and used in conMunction with a securit$ alarm s$stem to help those responsible for respondin# to the alarm. 8r it ma$ be used in conMunction with an access control s$stem to aid personal identification for remote entr$ control. 6otion detectors' left item lac9 of motion detectors%' etc. can also be incorporated into CC/V monitorin# s$stems. Considerations on the use of CC/V include! how its use fits into the conte>t of the overall securit$ plan of the site the t$pe of incident anticipated and in what wa$ it will be e>pected to help the response to these incidents the need to advise staff and clients that it is in use on the premises' and the functional re?uirement.
A#encies should see9 specialist advice before desi#nin# and installin# a CC/V s$stem to ensure the proposed s$stem meets a#enc$ needs. (f it is e>pected that CC/V ima#es ma$ be used in court' the ?ualit$ of ima#es or data should be suitable for use as evidence in criminal proceedin#s.
3K
/he computers used to store ima#es ma$ re?uire si#nificant memor$ space to preserve ima#es at the ?ualit$ re?uired b$ the a#enc$. ->cessive compression ma$ lower the ?ualit$ to the point where the ima#es are no lon#er usable. A#encies should also consider the period that ima#es need to be retained when desi#nin# their s$stem. &or further information see the Council of Australian 7overnments publication0 A national approach to closed circuit television-ational code of practice for **T7 systems for the mass passenger transport sector for counter5terrorism. 0elated Australian Dtandards! AD 4N0B Det!200N CC/V Det!
AD 4N0B.1!200B *losed circuit television 8**T7:%anagement AD 4N0B.2!200B *losed circuit television 8**T7:Application guidelines AD 4N0B.3!200B *losed circuit television 8**T7:PA9 signal timings AD 4N0B.4!200N *losed circuit television 8**T7:$emote video.
40
41
Agencies should secure official information0 porta2le valua2le ph$sical assets and mone$ in suitabl$ assessed containers appropriate to the business impact of the compromise' loss of inte#rit$ or unavailabilit$ of the information and assets' and the identified ris9s. &actors that will affect the class of securit$ container or secure room re?uired include! the level of classification the value and attractiveness of the information or ph$sical assets to be stored the location of the information or ph$sical assets within a facilit$ the structure and location of the buildin# access control s$stems' and other ph$sical protection s$stemsFfor e>ample' loc9s and alarms.
A#encies are to store securit$ classified information separatel$ from other ph$sical assets. /his will! lower the li9elihood of compromise of information when ph$sical assets are stolen' and help investigators determine the reason for any incidents involving unauthorised access
Agencies should ensure valua2le ph$sical assets that contain official information' such as computers and other (C/ e?uipment' are protected from! compromise of the a##re#ation of information on the ph$sical asset' or loss of the ph$sical asset
heav$ t$pes suitable for use where there are minimal other ph$sical controls' and li#hter models desi#ned for use in conMunction with other ph$sical securit$ measures. A#encies should consider the sitin# of Class : containers as the wei#ht ma$ be an issue' particularl$ in older buildin#s. Class CA,esi#ned to protect information that has up to an e>treme business impact level in low ris9 situations' and information that has a medium business impact level in hi#her ris9
42
situations. /hese containers are fitted with a DC-C2approved restricted 9e$ed loc9 and are of similar construction to the li#hter Class : containers. A#encies ma$' where their ris9 assessments indicate' use loc9able commercial containers for! information with a low to medium business impact and a DC-C2approved container is not re?uired' or hi#her level information within a DC-C2approved securit$ room.
See Anne4 E+ Safe and vault types for more details on safe and vault types and functions /he Australian Dtandard AD")ID 3N0K!1KKN Safes and strongrooms provides advice on desi#n criteria for safes and stron#rooms used to protect valuable ph$sical assets. #t categorises safes and vaults as+ Basic+ suita2le for homes0 small 2usinesses0 offices0 etc Commercial/ suita2le for medium retail0 real estate agents0 etc Bedium security+ suita2le for large retail0 post offices0 etc <igh security+ suita2le for financial institutions0 clu2s0 etc +&tra high security 8vaults only:+ suita2le for high volume financial institutions0 etc
A#encies ma$ use safes and vaults from the followin# (nternational Dtandards that meet similar desi#n criteria as the Australian Dtandard! -) 144A0FSecure storage units $e1uirements0 classifications and methods of test for resistance to 2urglary Secure safe ca2inets +* BNJF'urglary5resistant safes.
/he followin# (nternational Dtandards provide advice on testin# for fire resistance in safes! +* J2FTests for fire resistance of records protection e1uipment J(D D 103JFStandard fire test QD7 4A00FFire resistant.
43
44
0a*le %' Selecting security containers or rooms to store official information A#encies are to use the followin# table when selectin# the minimum level of securit$ containers or securit$ rooms for storin# official information where the compromise' loss of inte#rit$ or unavailabilit$ of the information has a business impact level. A#encies are to assess the business impact of the compromise' loss of inte#rit$ or unavailabilit$ the a##re#ation of information before determinin# the level of container re?uired. A limited holdin# of information is an amount where compromise' loss of inte#rit$ or unavailabilit$ does not increase the business impact level.
!one :ne +nclassified official information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a low business impact A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a medium business impact level. 8r limited holdin#s of information with an &8+8 or Densitive1 ,*6 A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a hi#h business impact level. 8r limited holdin#s of .08/-C/-, information A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a ver$ hi#h business impact level. 8r limited holdin#s of C8)&(,-)/(A* information ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended DC-C Class C !one 06o ,etermined b$ a#enc$ ris9 assessment !one 0hree ,etermined b$ a#enc$ ris9 assessment !one 7our ,etermined b$ a#enc$ ris9 assessment !one 7i#e ,etermined b$ a#enc$ ris9 assessment
,etermined b$ a#enc$ ris9 assessment' secured from unauthorised access DC-C Class C
DC-C Class :
4A
!one :ne A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have an e>treme business impact level. 8r limited holdin#s of D-C0-/ information /8. D-C0-/ classified information information the compromise' loss of inte#rit$ or unavailabilit$ of which would have an catastrophic business impact level )otes! )ot permitted
)ot permitted
)ot permitted
DC-C Class :
1. (nformation with a Densitive ,*6 will have specific handlin# re?uirements included as a footer or cover pa#e to the document. Hhere these handlin# re?uirements e>ceed the re?uirements of this table the hi#her is re?uired to be applied' Dee the #nformation security management guidelinesProtectively marking and handling sensitive and security classified information . 2. (n e>ceptional circumstances to meet an operational re?uirementFfor e>ample' where /8. D-C0-/ information cannot be returned to a Ione &ive area Fa#encies ma$ store /8. D-C0-/ information for a period not to e>ceed five da$s in a Ione /hree or &our area. ADAs should initiall$ see9 advice from AD(82/4 before implementin# arran#ements for the temporar$ stora#e of /8. D-C0-/ information outside a Ione &ive area.
4B
0a*le ,' Selecting safes or #aults to )rotect #alua*le )hysical assets A#encies should use the followin# table as a #uide to selectin# commercial safes and vaults for storin# valuable ph$sical assets where their compromise' loss of inte#rit$ or unavailabilit$ has a business impact level on the a#enc$. A#encies should use other controls that #ive the same level of intrusion resistance and dela$ for items that cannot be secured in safes or vaults' such as lar#e items. A#encies should consult with a suitabl$ ?ualified loc9smith or vault manufacturer to determine the appropriate safe or vault for their needs.
!one :ne .h$sical assets the loss of which would have a low business impact level .h$sical assets the loss of which would have a medium business impact level .h$sical assets the loss of which would have a hi#h business impact level .h$sical assets the loss of which would have a ver$ hi#h business impact level .h$sical assets the loss of which would have an e>treme business impact level .h$sical assets the loss of which would have a catastrophic business impact level ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault !one 06o ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended ,etermined b$ a#enc$ ris9 assessment Commercial safe or vault !one 0hree ,etermined b$ a#enc$ ris9 assessment !one 7our ,etermined b$ a#enc$ ris9 assessment
,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault
,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault
AD 3N0K commercial safe or vault AD 3N0K hi#h securit$ safe or vault Dhould not be held unless unavoidable
AD 3N0K medium securit$ safe or vault Dhould not be held unless unavoidable
AD 3N0K commercial safe or vault AD 3N0K hi#h or ver$ hi#h securit$ safe or vault
4J
Vehicle immobilisation Vehicle safe (ndividual item alarm"alarm circuit /wo person access s$stem &ront counters and interview or meetin# rooms
4N
A /DC6 surve$ also see9s to identif$ technical securit$ wea9nesses and vulnerabilities includin# the evaluation of ph$sical securit$ controls such as loc9s' alarms and -ACD.
4K
A#encies are to have /DC6 surve$s carried out for! areas where /8. D-C0-/ discussions are re#ularl$ held' or the compromise of other discussions ma$ have a catastrophic business impact' and before conferences and meetin#s where /8. D-C0-/ discussions are to be held.
A#encies should initiall$ see9 advice from AD(82/4 on the /DC6 measures re?uired. A#encies that need to hold classified or sensitive telephone conversations are re?uired to meet the lo#ical controls in the (D6.
A#encies should underta9e a securit$ ris9 assessment before holdin# a conference to identif$ and miti#ate an$ identified ris9s and' if warranted' develop a specific conference securit$ plan. Conference securit$ re?uirements are detailed in the Australian Government physical security management guidelinesEvent Security.
A0
securit$ briefcases sin#le use pouches reusable pouches and containers' and seals destruction of classified information' usin#' for e>ample' disinte#rators and shredders.
A#encies should refer to the DC-C Security E1uipment *atalogue when selectin# this ph$sical securit$ e?uipment.
A1
a#ainst forced entr$. A s9illed person ma$ also covertl$ open a securit$ briefcase. Dee the DC-C Security E1uipment *atalogue. Single use )ouches A#encies ma$ use DC-C2approved sin#le use pouches in lieu of! paper envelopes and seals for inner envelopes' or outer envelopes in double envelopin#. 5afer seals /here are currentl$ no DC-C2approved wafer seals for use in transportin# classified information usin# double envelopin#. Reusa*le )ouches A#encies ma$ use reusable pouches instead of outer envelopes when double envelopin#.
.ulpin# ma$ used for paper2based information. A#encies are to destro$ securit$ classified information usin# DC-C2approved destruction e?uipment' unless usin# an AD(8 approved destruction service. /o ensure all paper2based information is destro$ed to the re?uired particle siPe for the business impact of the compromise of the information' a#encies should refer to the AD(8 .rotective Decurit$ Circulars .DCs%! .DC )o. A3 E4ternal (estruction of -ational Security *lassified %atter' and .DC )o. J3 *lassified @aste (estruction.
:oth documents are available to ADAs from AD(82/4. A#encies should refer to the DC-C D-C for further details on destruction e?uipment. /he ,efence Di#nals ,irectorate can advise on selection and use of destruction e?uipment for (C/ media. Dee the (D6F.roduct securit$ and media securit$.
1.2B.1 #hredders
A#encies ma$ use shredders to destro$ paper and (C/ mediaFfor e>ample' C,s' sin#le and dual la$er ,V,s.
A2
Pa)er shredders Commercial strip shredders are not suitable for the destruction of classified or sensitive waste. An$bod$ wishin# to access the information will have little difficult$ reconstructin# the pa#es from the resultant strips. Cross cut shredders produce smaller pieces that are harder to reconstruct. /he smaller the particle siPe the more secure the results. A#encies are to use the followin# shredders to destro$ paper2based securit$ classified information! Class A shredder! ma>imum particle siPe 1 mm > 20 mmFsuitable for all levels of business impact. Class B shredder! ma>imum particle siPe 2.3 mm > 2A mmFsuitable for business impact levels up to and includin# hi#h.
Hhere possible a#encies should use a commercial crosscut shredder for paper waste for official information where the compromise has a business impact level up to and includin# medium. Alternativel$ the$ ma$ use an AD(82approved destruction compan$ for all levels of classified information up to D-C0-/' or /8. D-C0-/ when directl$ supervised b$ an a#enc$ officer. &or further details on selectin# shredders see the DC-C Security E1uipment *atalogue. IC0 media shredders A#encies should refer to the D-C to select DC-C2approved media shredders to destro$ (C/ media. &urther details on procedures for the destruction of official information is in the Australian Government information security management guidelines%arking and handling sensitive and security classified information.
A3
Anne& A'
/he followin# self assessment tool has been developed to assist a#encies in determinin# the Decurit$ Ione desi#nation for their facilities or areas. &rom this a#encies can decide the t$pes of ph$sical assets and classification of information that can be handled in the facilit$. A#encies should modif$ this tool to meet their policies and a#enc$ construction #uidelines.
7acility=Area details
&acilit$"area name Address ,etails of current" proposed uses
Additional risks
A#encies are to consider an$ ris9s to their people' information and ph$sical assets within their wor9 spaces. Hhere possible a#encies are to reduce an$ residual ris9s to an acceptable level. Hhere that is not possible a#encies are to reduce the li9elihood of an$ threats eventuatin# to an acceptable level' b$ appl$in# additional controls. Dee -rror! 0eference source not found and /able J! Additional controls to address specific ris9s for some e>amples of threats and controls. )o . Dpecific ris9s Additional controls re?uired to meet the ris9s
A4
- Construction to AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ roomsFBedium ?B@
Construction to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or usin# elements tested to AD 3AAA.1L2003F<igh ?<@ Construction to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms and Dupplement to the /echnical )ote L Physical Security of T)P SE*$ET areas1ery high ?1<@
AA
4o.
Control ty)e
Binimum re(uired for !ones 1 ,etermined b$ a#enc$ ris9 assessment 2 ,etermined b$ a#enc$ ris9 assessment 6% 3 = 4 A
)ut of hours alarm system .art of access control s$stem or AD 2201 class 1 or 2F/ AD 2201 class 3L4FB AD 2201 class AF< DC-C /$pe 1F1< 8n site #uards ma$ be used in lieu of an alarm s$stem in Iones /wo and /hree%
V= V=
)ut of hours alarm response 8ut of hours response from offsite R 30 minutesFB 8ut of hours response from offsite S 30 minutesF< 24"J onsite #uards with immediate responseF1< ma$ be used in lieu of an alarm s$stem in Iones /wo and /hree%
+ffecti#enes s achie#ed
!one achie#ed
AB
4o.
Control ty)e
Binimum re(uired for !ones 1 2 (f an alarm is used 6% ,etermined b$ a#enc$ ris9 assessment *% 3 6 4 6 A =
Access control system Card onl$ re?uired for accessF/ Dectionalised access s$stemFB ,ual authenticationF<
#ntegration of alarm and access control systems &ull$ inte#rated with buildin# mana#ement s$stemsF/ Alarm s$stem cannot be disabled b$ access control s$stemFB *imited one wa$ information e>chan#e from access control s$stem and disables access control s$stem when activatedF< Alarm s$stem is a standalone s$stem and disables the access control s$stem when activatedF 1<
V=
+ffecti#enes s achie#ed
!one achie#ed
AJ
4o.
Control ty)e
7isitor control Visitor re#isterF/ Visitor re#ister and escorted visitors in sensitive part of facilit$F B Visitor re#ister and escorted visitors in whole of PoneF < Visitor re#ister and visitors e>cluded unless there is an identified needF 1<
V= V=
9ocks and hard3are Commercial #rade loc9s fitted to doorsF4egligi*le ?4@ Commercial #rade loc9s and hardware fitted to all access pointsF B DC-C2approved loc9s and hardware fitted to all access pointsF <
+ffecti#enes s achie#ed
!one achie#ed
AN
4o.
Control ty)e
Aeying systems Commercial 9e$in# s$stemF/ Commercial restricted 9e$in# s$stemFB DC-C approved 9e$in# s$stemF<
Security containers and ca2inets Dee /able A! Delectin# securit$ containers or rooms to store official information Safes and vaults Dee /able B! Delectin# safes or vaults to protect valuable ph$sical assets **T7 coverage -ntr$"e>it covera#eF/ &ull perimeter covera#eFB (nternal access point covera#eFB CC/V inte#rated with electronic mana#ement s$stemF< Security lighting (nternal office li#htin# onl$F4 *i#htin# of e>terior e#ress pointsF/ &ull perimeter li#htin#F<
,etermined b$ a#enc$ information holdin#s ,etermined b$ a#enc$ ph$sical asset holdin#s ,etermined b$ a#enc$ ris9 assessment
+ffecti#enes s achie#ed
!one achie#ed
AK
4o.
Control ty)e
Perimeter access control Vehicle control measuresF/ .edestrian control measuresF/ .erimeter fences at least 2.4 m hi#hF4 -lectronic monitorin# incorporated into fencesFB to < #ndividual alarms ,uress alarms with 24"J monitorin# and immediate responseF B (ndividual ph$sical asset alarm circuit with response R 30 minutesF / (ndividual ph$sical asset alarm circuit with response S 30 minutesF B
+ffecti#enes s achie#ed
!one achie#ed
B0
Additional controls to address specific risks (nsert details Dee /able J! Additional controls to address specific ris9s for e>amples%
B1
!one accreditation
/o6est !one achie#ed in any control ty)e /his the ma>imum Pone ratin# achievable for the facilit$"area% Additional controls im)lemented to mitigate additional threats 4o. 1. 2. 3. 4. Ione ratin# depends on meetin# all re?uired certification. Dee /able 4! Dummar$ of certification re?uirements.% Assessin# officer@s name and position! Assessin# officer@s si#nature! ,ate! Additional certifications re(uired 4o. 1. 2. 3. 4. Certification re(uirement .ate certified Certifying officerCs name " " Control
Accreditin# officer@s name and position! Accreditin# officer@s si#nature! ,ate! " "
B2
Anne& B' Summary of e(ui)ment tested *y the Security Construction and +(ui)ment Committee and guidelines to assist agencies in selecting commercial e(ui)ment
/he Security E1uipment *atalogue D-C% is bein# pro#ressivel$ replaced b$ the Security e1uipment evaluated product list D--.*%. Dome ph$sical and administrative securit$ e?uipment that was previousl$ listed in the D-C will move to the D--.*. 8ther e?uipment' where commercial e?uipment is suitable' will no lon#er be listed. /o assist a#encies in selectin# commercial e?uipment the Decurit$ Construction and -?uipment Committee DC-C% is developin# the E1uipment selection guidelines. /he followin# table is a summar$ of the e?uipment that will be tested b$ DC-C and appear in the D--.* and #uidelines. /his list will be periodicall$ reviewed to meet the Australian 7overnment@s ph$sical securit$ needs.
S/1 Information and asset security Security detection systems /$pe 1 DAD :iometrics input devices and sub2s$stems Volumetric detection internal% Volumetric detection special purpose' e.#. (ntrinsicall$ safe devices% Dwitches balanced reed' etc.% -lectronic access control s$stems sensor elements' input devices etc.' e>cludin# complete s$stems -lectronic access control s$stems Qe$ switches L electrical Containers Container *oc9s Class A' : and C doors Class A' : and C modular rooms Class A' : and C containers Biscellaneous Qe$ cabinets base and intelli#ent cabinets% Dafes L protection of assets .oors Dtandalone access control devices 6ortice loc9s and stri9es 7uide to be developed 7uide to be developed DC-C DC-C DC-C DC-C 7uide to be developed 7uide to be developed DC-C DC-C )"A DC-C DC-C DC-C )"A 7uide to be developed 7uide to be developed DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C S/$ S/3 S/
B3
S/1 6a#netic loc9s -lectric stri9es -lectric mortice loc9s Peri)heral locking hard6are Qe$in# s$stems .adbolts .adloc9s chains and harps =in#e bolts Dtri9e shields and bloc9er plates Cable transfer hin#es ,oor closers .oors and access control )ortals .ortals ,oor operators ,oors Perimeter security ?facility )rotection@ Barriers Cable pits and plinths Active vehicle barriers &i>ed vehicle barriers &ences and #ates 5indo6s Hindow #rilles Hindow loc9s 7laPin# anti2shatter film Hindow #laPin# and frames Perimeter intrusion de#ices detection ?PI.S@ :arrier mounted .(,D 7round based .(,D Volumetric .(,D Video motion detection Administrati#e Deals Din#le use pouches Dhredders ,estructors 6ail securit$ DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C
S/$
7uide to be developed Commercial ?ualit$ Commercial ?ualit$ Commercial ?ualit$ Commercial ?ualit$ 7uide to be developed Commercial ?ualit$ Commercial ?ualit$ )ot currentl$ evaluated
DC-C DC-C
DC-C DC-C
DC-C DC-C
DC-C DC-C
DC-C DC-C
7uide to be developed 7uide to be developed 7uide to be developed AD(8 /ech note )o 2% 7uide to be developed 7uide to be developed Currentl$ not evaluated DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C
B4
S/1 :riefcases
S/$
S/3
S/
7uide to be developed
BA
Decurit$ .roviders Act 1KK3 Decurit$ and (nvesti#ation A#ents Act 1KKA Decurit$ and (nvesti#ations A#ents Act 2002 .rivate Decurit$ Act 2004 Decurit$ and 0elated Activities Control% Act 1KKB
BB
BJ
/AD 8=TD le#islation and re#ulations V(C Durveillance ,evices Act 1KKK Durveillance ,evices 0e#ulations 200B .rivate Decurit$ Act 2004 V(C% .rivate Decurit$ 0e#ulations 200A V(C% V(C 8=TD le#islation and re#ulations HA Durveillance ,evices Act 1KKN Durveillance ,evices 0e#ulations 1KKK Decurit$ and 0elated Activities Control% Act 1KKB HA% Decurit$ and 0elated Activities Control% 0e#ulations 1KKJ HA% HA 8=TD le#islation and re#ulations -lectrical safet$ Acts and 0e#ulations applicable in the relevant state or territor$ also need to be considered
BN
Anne& +/
:ur#lar$ resistant
Dafes and vaults are #enerall$ split up into three distinct cate#ories. /hese are!
=$brid safes that cross between fire resistant and bur#lar$ resistant provide a level of dela$ from fire and theft. /he maMorit$ of safes will fall into one of the above cate#ories' with little cross over to other cate#ories. A bur#lar$ resistant safe should not be used to protect documents or media from fire' Must as fire safes should not be used to protect cash.
Bedia safes
BK
6edia safes or data safes% are desi#ned to protect photo#raphs' hard drives' optical media and other media t$pes from fire. /he$ are #enerall$ an e>tension of a fire safe' in that the$ offer the same amount of fire resistance with e>tra conditions. /he ma>imum internal temperature that can be reached is much lower around A0UC% and the humidit$ must remain low. /his is because moisture and heat corrupt or destro$ data carriers. /he achievement of the low heat' low humidit$ safe is usuall$ achieved b$ insertin# a special bo> inside an e>istin# fire safe' or b$ buildin# it in. A water resistant seal ensures that water used to e>tin#uish the fire does not affect the contents. &ire resistant and or data safes that are measured a#ainst Dtandards #enerall$ offer little protection from ph$sical attac9.
1aults
Vaults or stron#rooms are rooms that are desi#ned to provide the same dela$ for the door and walls. /hese are used where a hi#h stora#e capacit$ is re?uired. 6anufacturers offer either modular or base buildin# construction dependin# on the re?uirements. /he$ are normall$ desi#ned and manufactured b$ safe manufacturers.
Cash ratings
(n Australia most manufacturers rel$ upon insurable ratin#s that are accepted b$ insurance companies if there is a loss. (nsurable ratin#s are normall$ stated as supported or unsupported' su##estin# whether or not an alarm s$stem is providin# ade?uate protection of the safe or vault. /he supported insurable ratin# ma$ increase the insurable ratin# each insurer provides for their minimum level before acceptin# a ris9. /hese insurable ratin#s are a #ood indication of the securit$ offered b$ the safeG the hi#her the value the hi#her the securit$. /he insurable ratin# of the safe should reflect the value of the contents bein# held. 6ost Australian manufacturers will use insurable ratin#s in lieu of a reco#nised Dtandard.
J0