General
This section implements CSU Information Security Policy 8080.00.
Physical Access to ITS Computing Resources
Business Practice
The Business Practice for Access for Physical Access to ITS Facilities, BP-03-003, regulates physical access to ITS computing resources, including workstations, data centers, data closets, and all other resources.
Security Sensitive Areas
All data center's and data closets are designated as security sensitive areas. Access to these spaces is permitted only by authorization of the Manager, IT Infrastructure. ITS Business Practice BP-03-003 prescribes procedures for employee and non-employee access to security sensitive areas.
ITS Computing Resources not in Security Sensitive Areas
Each person assigned a workstation, laptop, or other information system or asset must take adequate measures to physically secure that asset. “Adequate measures” includes locking the workstation to prevent theft, and locking the screen or logging out of the system when it is unattended. If the workstation’s screen cannot be locked, or the workstation cannot be secured in such a way as to prevent theft, physical access to the room or space the workstation is located in must be secured.