Security Zones and Risk Mitigation Control Measures

Physical security management guidelines
Security zones and risk mitigation control measures
Approved 21 June 2011 Version 1.4
Commonwealth of Australia 2011 All material presented in this publication is provided under a Creative Commons Attribution 3.0 Australia http!""creativecommons.or#"licenses"b$"3.0"au"deed.en % licence. &or the avoidance of doubt' this means this licence onl$ applies to material as set out in this document. ()C*+,-.(C/+0- 1http!""www.bud#et.#ov.au"2010211"content"bp1"ima#e"bp13prelims2 2.#if1 45 6-07-&806A/()-/ /he details of the relevant licence conditions are available on the Creative Commons website accessible usin# the lin9s provided% as is the full le#al code for the CC :; 3.0 A+ licence http!""creativecommons.or#"licenses"b$"3.0"le#alcode %. Use of the Coat of Arms /he terms under which the Coat of Arms can be used are detailed on the (t<s an =onour http!""www.itsanhonour.#ov.au"coat2arms"inde>.cfm% website. Contact us (n?uiries re#ardin# the licence and an$ use of this document are welcome at! :usiness *aw :ranch Attorne$27eneral@s ,epartment 32A )ational Cct :A0/8) AC/ 2B00 /elephone! 02% B141 BBBB cop$ri#htCa#.#ov.au
,ocument details Decurit$ classification ,issemination limitin# mar9in# ,ate of securit$ classification review Authorit$ Author ,ocument status +nclassified .ublicl$ available Jul$ 2013 .rotective Decurit$ .olic$ Committee .rotective Decurit$ .olic$ Dection Attorne$27eneral@s ,epartment Approved 21 June 2011 Amended Deptember 2012
Contents Introduction................................................................................................................................ 1 1.1 1.2 .urpose........................................................................................................................... 1 Audience.......................................................................................................................... 1
Australian 7overnment securit$ mana#ement staff...............................................................1 contractors to the Australian 7overnment providin# ph$sical securit$ advice and services' and............................................................................................................................................ 1 an$ other bod$ or person responsible for the securit$ of Australian 7overnment people' information or ph$sical assets...................................................................................................1 1.3 Dcope.............................................................................................................................. 1 within Australian 7overnment facilities .................................................................................1 facilities handlin# Australian 7overnment information and ph$sical assets' or .....................1 where Australian 7overnment emplo$ees are located..........................................................1 1.3.1 +se of specific terms in these #uidelines.....................................................................1 Eneed to@Frefers to a le#islative re?uirement that a#encies must meet................................1 Eare re?uired to@ or Eis re?uired to@Frefer to a control!...........................................................1 to which a#encies cannot #ive a polic$ e>ception' or............................................................1 used in other protective securit$ documents that set controls...............................................1 Eare to@ or Eis to@Fare directions re?uired to support compliance with the mandator$ re?uirements of the ph$sical securit$ core polic$' and..............................................................2 Eshould@Frefers to better practiceG a#encies are e>pected to appl$ better practice unless there is a reason based on their ris9 assessment to appl$ alternative controls.........................2 Background................................................................................................................................ 3 1.4 Hh$ the #uidelines were developed.................................................................................3 the business impact of information' people and ph$sical assets...........................................3 the level of control re?uired to!..............................................................................................3 meet the threat environment.................................................................................................3 #ive suitable protection to information' people and ph$sical assets......................................3 provide assurance to other a#encies for information sharin#' and........................................3 the t$pes of controls that are suitable...................................................................................3 aid in establishin# consistent terminolo#$ for ph$sical securit$ across the Australian 7overnment' and...................................................................................................................... 3 #ive a#encies a framewor9 for the assurance needed to share information and ph$sical assets....................................................................................................................................... 3 1.A 1.B 0elationship to other documents......................................................................................3 Dtructure of these #uidelines............................................................................................3
ris9 miti#ation and assurance measures...............................................................................3
ii
the Decurit$ Iones methodolo#$ and re?uirements..............................................................3 details of individual control measures' and...........................................................................3 a chec9list for a#encies reviewin# ph$sical securit$ measures.............................................3 Risk mitigation and assurance measures................................................................................ reduce the residual ris9s to an acceptable level to the a#enc$' or where this is not possible' lower the li9elihood of compromise' loss of availabilit$' or loss of inte#rit$ as much as possible' then............................................................................................................................ 4 appl$ minimum controls determined b$ the business impact level of the compromise' loss of availabilit$ or loss of inte#rit$ of the information........................................................................4 1.J /he ris9 mana#ement process.........................................................................................4 the Australian Dtandard AD")ID (D8 31000!200K 0is9 6ana#ement L .rinciples and #uidelines' and ......................................................................................................................... 4 the Australian Dtandards =: 1BJ!200B Decurit$ ris9 mana#ement ......................................4 1.J.1 Additional re?uirements to meet specific threats.........................................................A A#enc$ pro#ramsFinherent ris9s in a#enc$ pro#rams.........................................................B .ublic 9nowled#e of facilit$ usesFran#in# from no public 9nowled#e to full public 9nowled#e of contentious pro#rams underta9en at the facilit$..................................................B *evel of nei#hbourhood crimeFran#in# from occasional minor crime to re#ular maMor or or#anised crime........................................................................................................................ B Client violenceFran#in# from occasional non2confrontational contact with clients to re#ular client contact which ma$ lead to violence.................................................................................B .ublic violenceFran#in# from little to no public contact to re#ular public protests that ma$ be violent.................................................................................................................................. B /errorismFwhich ma$ lead to violence a#ainst personnel or facilities' or covert access to sensitive information................................................................................................................. B Dhared facilitiesFran#in# from sin#le use facilities to co2tenancies with private hi#h ris9 tenants. Hor9 areas within an a#enc$ with diverse pro#rams ma$ also be considered as sharin# facilities%....................................................................................................................... B Attractiveness of information and ph$sical assetsFran#in# from little value to information and ph$sical assets that are attractive to #roups of securit$ concern' includin# forei#n intelli#ence services' issue motivated #roups' trusted insiders.................................................B 1.N Assurance re?uired for information and ph$sical asset sharin#.......................................B 1.N.1 Assurance for securit$ classified ph$sical assets........................................................J an$ re?uirements imposed b$ the asset owner' or................................................................J the a#enc$@s ris9 assessment and the conse?uences of the assets compromise loss or dama#e..................................................................................................................................... J 1.K Dite securit$ plans............................................................................................................ J measures that are scalable to meet increases in threat levels..............................................J the location and nature of the site.........................................................................................J whether the a#enc$ has sole or shared ownership or tenanc$ of the site.............................J
iii
whether the public or other non2a#enc$ personnel have a ri#ht of entr$ to the site...............J what securit$ classification of information is to be stored' handled' processed or otherwise used in each part of the site......................................................................................................N (C/ assets' includin#' but not limited to' data' software' hardware and portable e?uipment such as laptops' personal electronic devices............................................................................N (C/2related e?uipment for e>ample' file servers' wor9stations' terminals' main distribution frames and cablin#% and utilities................................................................................................N an$ other resources that will be on the site ..........................................................................N an indication of whether ever$ part of the site is intended to have the same level of securit$ ................................................................................................................................................. N what protective measures will be re?uired for!......................................................................N the site as a whole................................................................................................................ N particular areas within the site for e>ample' part of a floor which will hold information of a hi#her classification than the rest of the site%............................................................................N what differin# measures will be re?uired for!.........................................................................N stora#e' handlin# and processin# of securit$ classified information' and..............................N securit$ classified or otherwise sensitive discussions and meetin#s. ...................................N 1.K.1 Critical path................................................................................................................. N probabilit$ of detectionFthe cumulative probabilit$ of detectin# an adversar$......................N cumulative dela$Fthe combined minimum dela$ time alon# the adversar$ path..................K responseFthe time for a response to reach a point of detection' and..................................K interruptionFoccurs when the response time is less than the dela$ provided' measured from the first point of detection..................................................................................................K 1.K.2 Crime prevention throu#h environmental desi#n C./-,%..........................................K ,esi#nin# 8ut Crime! crime prevention throu#h environmental desi#n an earl$ publication from the Australian (nstitute of Criminolo#$ focusin# on household crimeG the concepts are transferable to or#anisations. ...................................................................................................K Crime .revention throu#h -nvironmental ,esi#n 7uidelines for Oueensland a Oueensland .olice publication released in 200J. .........................................................................................K Security !ones.......................................................................................................................... 1" unauthorised or covert access' and....................................................................................10 forcible attac9...................................................................................................................... 10 hi#hl$ resistant to covert attac9 to protect information' or ..................................................10 hi#hl$ resistant to forcible attac9 to protect assets..............................................................10 1.K.3 *a$erin# of Iones......................................................................................................13 low to medium business impact levelsFma$ onl$ need Ione 8ne or Ione /wo................13 up to and includin# hi#h to ver$ hi#h business impact levelsFma$ need Ione 8ne and Ione /wo................................................................................................................................ 13 up to and includin# e>treme business impact levelsFma$ need Iones 8ne to /hree' and13
iv
up to and includin# catastrophic business impact levelsFma$ need Iones 8ne to &ive....13 Dee the Australian 7overnment protective securit$ #overnance #uidelinesF:usiness impact levels........................................................................................................................... 13 1.K.4 Ione re?uirements....................................................................................................1A the compromise' loss of inte#rit$ or unavailabilit$ of information' and.................................1A the compromise' loss or dama#e of ph$sical assets...........................................................1A 1.K.A Accreditation of Iones...............................................................................................1K Indi#idual control elements.....................................................................................................$$ 1.10 +se of DC-C2approved products.................................................................................22 securit$ products that primaril$ focus on protectin# securit$ classified information of which the compromise' loss of inte#rit$ or unavailabilit$ would result in a business impact level of hi#h or above.......................................................................................................................... 22 products that prevent widespread loss of life' and..............................................................22 other securit$ products that re?uire specialist testin#..........................................................22 1.11 :uildin# construction....................................................................................................22 1.11.1 Construction of buildin#s.........................................................................................22 blast miti#ation measures...................................................................................................23 forcible attac9 and ballistic resistance.................................................................................23 road and public access paths..............................................................................................23 li#htin# in addition to securit$ li#htin#%...............................................................................23 hostile vehicle miti#ation' and.............................................................................................23 elements of crime prevention throu#h environmental desi#n C./-,%...............................23 AD 3AAA.1!2003 :uildin# elementsF/estin# and ratin# for intruder resistanceF(ntruder2 resistant panels. /his standard provides #uidance on ver$ hi#h #rade intruder resistance such as for hi#h securit$ vaults%..............................................................................................23 AD")ID 2343!1KKJ :ullet2resistant panels and elements...................................................23 AD(8 /echnical )ote L .h$sical Decurit$ of Decure Areas"D01 0ooms' and.....................23 Dupplement to the /echnical )ote L .h$sical Decurit$ of /8. D-C0-/ Areas ................23 1.12 Alarm s$stems.............................................................................................................24 uni?uel$ identifiable to an individual....................................................................................24 not recorded b$ the individual' and.....................................................................................24 re#ularl$ chan#ed in accordance with the a#enc$@s ris9 assessment..................................24 perimeter or e>ternal% intrusion detection s$stems .(,D% or alarms' and ........................24 internal securit$ alarm s$stems DAD%................................................................................24 1.12.1 ->ternal alarms.......................................................................................................2A 1.12.2 DC-C /$pe 1 DAD..................................................................................................2A DC-C2approved /$pe 1 DAD in all Iones &our and &ive....................................................2A
DC-C2endorsed securit$ Pone consultants to desi#n and commission DC-C /$pe 1 DAD in accordance with the re?uirements of the /$pe 1 DAD (mplementation and 8peration 7uide' and.......................................................................................................................................... 2A DC-C2approved detection devices with an$ DC-C /$pe 1 DAD.........................................2A 1.12.3 Commercial alarm s$stems.....................................................................................2A whether a commercial DAD is re?uired at their facilities' includin# an$ temporar$ sites' as part of their ris9 miti#ation strate#ies' and...............................................................................2A the specifications for an$ such s$stem................................................................................2A AD")ID 2201 Det!200N (ntruder alarm s$stems set!...........................................................2B AD")ID 2201.1!200J (ntruder alarm s$stemsFClient<s premisesF,esi#n' installation' commissionin# and maintenance............................................................................................2B AD 2201.2!2004 (ntruder alarm s$stemsF6onitorin# centres............................................2B AD 2201.3!1KK1 (ntruder alarm s$stemsF,etection devices for internal use.....................2B AD")ID 2201.A!200N (ntruder alarm s$stemsFAlarm transmission s$stems.....................2B 1.13 (ndividual alarm options...............................................................................................2B duress alarms..................................................................................................................... 2B individual item alarms' or alarm circuits' and......................................................................2B vehicle alarms..................................................................................................................... 2B 1.13.1 ,uress alarms......................................................................................................... 2B remotel$ monitored duress alarms' and..............................................................................2J alarms that produce loud noise on activation......................................................................2J enable emplo$ees to raise an alarm discreetl$' and...........................................................2J be au#mented b$ procedures that provide an appropriate response..................................2J all relevant staff are aware of and have re#ular trainin# and trials with the duress alarm ...2J the duress alarm is confi#ured as part of an intruder alarm s$stem that complies with AD")ID 2201 Det!200N' and ..................................................................................................2J the alarm panel is located within the protection Pones of the alarm s$stem in accordance with AD")ID 2201 Det!200N...................................................................................................2J 1.13.2 (ndividual item alarm"alarm circuit...........................................................................2J pressure switches...............................................................................................................2J motion sensors................................................................................................................... 2J CC/V activated alarms' and...............................................................................................2J radio fre?uenc$ identification 0&(,% ta# s$stems...............................................................2N 1.13.3 Vehicle alarm...........................................................................................................2N 1.14 Access control s$stems................................................................................................2N ps$cholo#ical or s$mbolic barriersFfor e>ample' Crime prevention throu#h environmental desi#n C./-,%...................................................................................................................... 2N securit$ staff ph$sicall$ located at entr$ and e>it points......................................................2N
vi
securit$ staff located at central points who monitor and control entr$ and e>it points usin# intercoms' videophones' closed circuit television cameras and similar devices......................2N mechanical loc9in# devices operated b$ 9e$s or codes' and..............................................2N electronic access control s$stems -ACD%..........................................................................2N what $ou haveF9e$s' (, cards' passes' etc.......................................................................2N what $ou 9nowF.()s' etc..................................................................................................2N who $ou areFvisual reco#nition' biometrics' etc................................................................2N 1.14.1 ,ual authentication..................................................................................................2K 1.14.2 -lectronic access control s$stems...........................................................................2K see9 specialist advice when selectin# -ACD' and..............................................................2K use a desi#ner or installer recommended b$ the manufacturer to desi#n and commission them........................................................................................................................................ 2K /he )ational (nstitute of Dtandards and /echnolo#$ +D ,ept of Commerce% publication' A 0ecommendation for the +se of .(V Credentials in .h$sical Access Control D$stems .ACD%' and ......................................................................................................................................... 30 AD A1NA!2010 .rotocol for li#htwei#ht authentication of identit$ .*A(,%' which #ives advice on confirmin# identit$ for access to lo#ical s$stems................................................................30 1.14.3 (dentit$ cards...........................................................................................................30 worn b$ emplo$ees and clearl$ displa$ed at all times in a#enc$ premises.........................30 uni?uel$ identifiable' and....................................................................................................30 audited re#ularl$ in accordance with the a#enc$@s ris9 assessment....................................30 card ma9in# e?uipment' and...............................................................................................30 spare' blan9 or returned cards............................................................................................30 1.1A 1.1B (nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems..................31 Visitor control............................................................................................................... 31
are able to show a suitable form of identification.................................................................31 have a le#itimate need for unescorted entr$ to the area' and.............................................31 have the appropriate securit$ clearanceG see the Australian 7overnment personnel securit$ protocol................................................................................................................................... 31 worn at all times.................................................................................................................. 31 collected at the end of the visit............................................................................................31 disabled on return if the passes #ive access to an$ a#enc$ access control s$stems' and. 31 chec9ed at the end of the da$ and' where the passes are reusable' action ta9en to disable and recover an$ not returned. ................................................................................................31 facilit$ reception areas' or...................................................................................................32 entr$ to individual securit$ Pones........................................................................................32 1.1B.1 Visitor re#isters........................................................................................................32 the name of the visitor.........................................................................................................32
vii
the visitor@s a#enc$ or firm or' in the case of private individuals' their private address........32 the name of the emplo$ee to be visited...............................................................................32 the times of the visitor@s arrival and departure' and.............................................................32 the reason for visit............................................................................................................... 32 1.1B.2 0emoval of persons from a#enc$ premises.............................................................32 advise the person that the officer is a person authorised under the .ublic 8rder .rotection of .ersons and .ropert$% Act 1KJ1' or an Authorised Commonwealth 8fficer under the Crimes Act 1K14................................................................................................................................. 32 initiall$ see9 the person@s cooperation to cease the behaviour and"or to leave the premises ............................................................................................................................................... 32 as9 the person to stop the behaviour and warn them the$ could be re?uired to leave the premises immediatel$.............................................................................................................32 if the person does not stop the unacceptable behaviour' advise them that due to their behaviour the a#enc$ head' person authorised or an Authorised Commonwealth 8fficer is withdrawin# permission for them to be on the premises.........................................................33 re?uest the person to leave the premises immediatel$' and...............................................33 warn the person that the police will be called if the$ remain' and of the possible le#al conse?uences of non2compliance with the re?uest to leave...................................................33 1.1B.3 Access b$ the media...............................................................................................33 a desi#nated emplo$ee should accompan$ media representatives throu#hout the visit.....33 securit$ classified information is loc9ed awa$ preferable% or at least protected from view. 33 additional restrictions are considered when appropriate' such as handin# in mobile phones and other recordin# and communications e?uipment' and......................................................33 the a#enc$ media liaison unit or public affairs area is consulted about the arran#ements. ............................................................................................................................................... 33 1.1J 0eceptionists and #uards.............................................................................................33 1.1J.1 8ut2of2hours #uardin#.............................................................................................34 for Ione /hreeFwithin ever$ four hours' and.....................................................................34 for other areas based on an a#enc$@s ris9 assessment......................................................34 1.1N *oc9s and door hardware.............................................................................................34 1.1N.1 *oc9s....................................................................................................................... 34 secure all access points to their premises includin# doors and operable windows' usin# commercial #rade or DC-C2approved loc9s and hardwareG these loc9s ma$ be electronic' combination or 9e$ed..............................................................................................................3A #ive combinations' 9e$s and electronic to9ens the same level of protection as the most valuable information or ph$sical asset contained b$ the loc9' and..........................................3A use DC-C2approved loc9s and hardware in Iones &our and &ive' see the DC-C Decurit$ -?uipment Catalo#ue.............................................................................................................3A AD 414A.2!200N *oc9sets and hardware for doors and windowsF6echanical loc9sets for doors and windows in buildin#s..............................................................................................3A
viii
1.1N.2 Qe$in# s$stems.......................................................................................................3A le#al controls' for e>ample re#istered desi#ns' patents......................................................3A levels of difficult$ in obtainin# or manufacturin# 9e$ blan9s and the machiner$ used to cut duplicate 9e$s' and.................................................................................................................3A levels of protection a#ainst compromise techni?ues' for e>ample pic9in#' impressionin#' decodin#................................................................................................................................. 3A the level of protection provided a#ainst common forms of compromise .............................3A the len#th of le#al protection offered b$ the manufacturer .................................................3A supplier protection of a#enc$ 9e$in# data within supplier facilit$.........................................3A the transferabilit$ of the s$stem and an$ associated costs' and..........................................3A commissionin# and on#oin# maintenance costs.................................................................3A 1.1N.3 Qe$ control..............................................................................................................3J 9e$ number......................................................................................................................... 3J name' position and location of person holdin# the 9e$........................................................3J date and time issued' and...................................................................................................3J date and time returned or reported lost...............................................................................3J mana#ers should approve the removal' and.......................................................................3J a#encies should increase the fre?uenc$ of 9e$ audits........................................................3J 1.1N.4 Combination settin#s...............................................................................................3N when a container is first received b$ the a#enc$.................................................................3N after servicin# the loc9........................................................................................................ 3N after a chan#e of custodian or other person 9nowin# the combination................................3N when there is reason to believe the settin# has been' or ma$ have been' compromised....3N in an$ case' not less fre?uentl$ than ever$ si> months' or..................................................3N when the container is disposed of b$ resettin# the loc9 to the manufacturer@s settin#.........3N 1.1N.A ,oors....................................................................................................................... 3N solid core timber.................................................................................................................3N metal framed insert panel...................................................................................................3N metal clad solid core or hollow core....................................................................................3N #lass swin# openin#............................................................................................................ 3N rotatin# #lass' and..............................................................................................................3N #lass slidin#' sin#le and double..........................................................................................3N 1.1K CC/V covera#e........................................................................................................... 3K site access points' includin# internal access to hi#her securit$ Pones ...............................3K full site perimeter covera#e' or............................................................................................3K access to specific ph$sical assets or wor9 areas................................................................3K
i>
how its use fits into the conte>t of the overall securit$ plan of the site.................................3K the t$pe of incident anticipated and in what wa$ it will be e>pected to help the response to these incidents........................................................................................................................ 3K the need to advise staff and clients that it is in use on the premises' and...........................3K the functional re?uirement..................................................................................................3K AD 4N0B Det!200N CC/V Det!............................................................................................40 AD 4N0B.1!200B Closed circuit television CC/V%F6ana#ement......................................40 AD 4N0B.2!200B Closed circuit television CC/V%FApplication #uidelines........................40 AD 4N0B.3!200B Closed circuit television CC/V%F.A* si#nal timin#s.............................40 AD 4N0B.4!200N Closed circuit television CC/V%F0emote video.....................................40 1.20 1.21 Decurit$ li#htin#............................................................................................................ 40 .erimeter access control..............................................................................................40
fences and walls.................................................................................................................40 pedestrian barriers' and......................................................................................................40 vehicular barriers................................................................................................................40 1.21.1 &ences and walls.....................................................................................................41 :D1J22F12!200B &ences 2 Dpecification for steel palisade fences...................................41 :D1J22L14!200B &encesFDpecification for open mesh steel panel fences ......................41 AD 1J2A!2003 Chain2lin9 fabric securit$ fencin# and #ates Chain lin9 fences provide minimal securit$ unless used in conMunction with other securit$ measures such as .(,D%......41 AD")ID 301B!2002 -lectrical installationsF-lectric securit$ fences..................................41 1.21.2 .edestrian barriers..................................................................................................41 1.21.3 Vehicle barriers.......................................................................................................41 1.22 Decurit$ containers and cabinets.................................................................................41 the level of classification.....................................................................................................42 the value and attractiveness of the information or ph$sical assets to be stored..................42 the location of the information or ph$sical assets within a facilit$........................................42 the structure and location of the buildin#.............................................................................42 access control s$stems' and...............................................................................................42 other ph$sical protection s$stemsFfor e>ample' loc9s and alarms....................................42 lower the li9elihood of compromise of information when ph$sical assets are stolen' and....42 help investi#ators determine the reason for an$ incidents involvin# unauthorised access.. 42 compromise of the a##re#ation of information on the ph$sical asset' or ............................42 loss of the ph$sical asset...................................................................................................42 1.22.1 DC-C2approved securit$ containers........................................................................42
>
Class AF,esi#ned to protect information that has an e>treme or catastrophic business impact level in hi#h ris9 situations. /hese containers are e>tremel$ heav$ and ma$ not be suitable for use in some buildin#s with limited floor loadin#s..................................................42 Class :F,esi#ned to protect information that has an e>treme or catastrophic business impact level in low ris9 situations and information that has a hi#h or ver$ hi#h business impact level in hi#her ris9 situations. /hese containers are robust filin# cabinets or compactuses fitted with a combination loc9. /here are broadl$ two t$pes!..................................................42 heav$ t$pes suitable for use where there are minimal other ph$sical controls' and ...........42 li#hter models desi#ned for use in conMunction with other ph$sical securit$ measures. .....42 Class CF,esi#ned to protect information that has up to an e>treme business impact level in low ris9 situations' and information that has a medium business impact level in hi#her ris9 situations. /hese containers are fitted with a DC-C2approved restricted 9e$ed loc9 and are of similar construction to the li#hter Class : containers..............................................................42 information with a low to medium business impact and a DC-C2approved container is not re?uired' or ............................................................................................................................ 43 hi#her level information within a DC-C2approved securit$ room.........................................43 1.22.2 Commercial safes and vaults..................................................................................43 fire resistant either document or data%...............................................................................43 bur#lar$ resistant' or........................................................................................................... 43 a combination of both..........................................................................................................43 :asic! suitable for homes' small businesses' offices' etc....................................................43 Commercial! suitable for medium retail' real estate a#ents' etc..........................................43 6edium securit$! suitable for lar#e retail' post offices' etc..................................................43 =i#h securit$! suitable for financial institutions' clubs' etc...................................................43 ->tra hi#h securit$ vaults onl$%! suitable for hi#h volume financial institutions' etc............43 -) 144A0FDecure stora#e units. 0e?uirements' classifications and methods of test for resistance to bur#lar$. Decure safe cabinets.........................................................................43 +* BNJF:ur#lar$2resistant safes.......................................................................................43 +* J2F/ests for fire resistance of records protection e?uipment.......................................43 J(D D 103JFDtandard fire test............................................................................................43 QD7 4A00F&ire resistant...................................................................................................43 1.22.3 Vehicle safes........................................................................................................... 44 1.23 1.24 Decurit$ rooms' stron#rooms and vaults......................................................................44 8ther controls..............................................................................................................4N
1.24.1 Vehicle immobilisation.............................................................................................4K automatic immobilisation of a vehicle when not in use and re?uires the 9e$ or electronic to9en to start the vehicle' or....................................................................................................4K remote immobilisation' normall$ in conMunction with a remote trac9in# and alarm s$stem that can disable a vehicle while in use....................................................................................4K
>i
1.24.2 &ront counters and interview or meetin# rooms......................................................4K 1.24.3 6ailrooms and deliver$ areas..................................................................................4K 1.24.4 /echnical surveillance counter measures and audio securit$..................................4K before an event................................................................................................................... 4K as part of a pro#rammed technical securit$ inspection or surve$' or...................................4K as a result of a concern followin# a securit$ breachFfor e>ample' the unauthorised disclosure of a sensitive discussion........................................................................................4K areas where /8. D-C0-/ discussions are re#ularl$ held' or the compromise of other discussions ma$ have a catastrophic business impact' and ..................................................A0 before conferences and meetin#s where /8. D-C0-/ discussions are to be held. .........A0 1.24.A Conference securit$................................................................................................A0 prevent unauthorised people #ainin# access to official information or ph$sical assets.......A0 protect the people attendin# the conference.......................................................................A0 protect propert$ from dama#e' and.....................................................................................A0 ensure the proceedin#s are conducted without disruption..................................................A0 Physical security elements in administrati#e security..........................................................%1 a#enc$ personnel transportin# small ph$sical assets and information out of a#enc$ premises' or transferrin# hard cop$ information to other a#encies usin#!...............................A1 securit$ briefcases..............................................................................................................A1 sin#le use pouches............................................................................................................. A1 reusable pouches and containers' and...............................................................................A1 seals................................................................................................................................... A1 destruction of classified information' usin#' for e>ample' disinte#rators and shredders......A1 1.2A /ransportin# information and ph$sical assets..............................................................A1 1.2A.1 Valuable ph$sical assets.........................................................................................A1 1.2A.2 Classified information..............................................................................................A1 paper envelopes and seals for inner envelopes' or ............................................................A2 outer envelopes in double envelopin#.................................................................................A2 1.2B ,estruction e?uipment.................................................................................................A2 shreddin#............................................................................................................................ A2 pulverisin#' and................................................................................................................... A2 disinte#ratin#...................................................................................................................... A2 .DC )o. A3 ->ternal ,estruction of )ational Decurit$ Classified 6atter' and....................A2 .DC )o. J3 Classified Haste ,estruction.........................................................................A2 1.2B.1 Dhredders................................................................................................................A2 Class A shredder! ma>imum particle siPe 1 mm > 20 mmFsuitable for all levels of business impact..................................................................................................................................... A3
>ii
Class : shredder! ma>imum particle siPe 2.3 mm > 2A mmFsuitable for business impact levels up to and includin# hi#h................................................................................................A3 Anne& A' Physical security measures checklist....................................................................% slab2to2slab construction at all e#ress points' or.................................................................AA tamper evident ceilin#' or ...................................................................................................AA Construction to AD(8 /echnical )ote L .h$sical Decurit$ of (ntruder 0esistant Areas"D02 roomsF6edium 6%...............................................................................................................AA Anne& B' Summary of e(ui)ment tested *y the Security Construction and +(ui)ment Committee and guidelines to assist agencies in selecting commercial e(ui)ment ..................................................................................................................................... ,3 Anne& C' Summary of -urisdictional guard licencing legislation.........................................,, Anne& .' /egislation co#ering CC01 installation and usage...............................................,2 Anne& +' Safe and #ault ty)es................................................................................................,3 :ur#lar$ resistant ............................................................................................................... BK &ire resistant documents%.................................................................................................BK 6edia data% safes ............................................................................................................. BK
>iii
Amendments
4o. 1. 2. 3. 4. A. B. J. .ate Deptember 2011 Deptember 2011 ,ecember 2011 ,ecember 2011 Deptember 2012 Deptember 2012 Deptember 2012 /ocation /able 3 and Dection A.B Anne> A 2 access control .a#e 40 A.A.2 /able 4 and A.3.2 +pdate 1.3.1 and remove Anne> : A.1A.A Conference securit$ Amendment Clarif$ re?uirements for interoperabilit$ of DAD and -ACD Correct dual authentification re?uirement to Ione A onl$ 0eplace reference to Esevere@ business impact with Ee>treme@. Correct Australian Dtandard reference from AD4N1A to AD41NA (nclude reference to /$pe 1 documentation in certification re?uirement 0eference PSPFGlossary of Terms +pdate reference to Australian Government physical security management guidelinesEvent Security
>iv
Introduction
1.1 Pur)ose
/he Australian Government physical security management guidelinesSecurity zones and risk mitigation control measures provide #uidance on achievin# a consistent approach to determinin# ph$sical securit$ controls in a#enc$ facilities. /he$ aid a#encies to protect their people' information and ph$sical assets.
1.2
Audience
/his document is intended for! Australian 7overnment securit$ mana#ement staff contractors to the Australian 7overnment providin# ph$sical securit$ advice and services' and an$ other bod$ or person responsible for the securit$ of Australian 7overnment people' information or ph$sical assets.
1.3
Sco)e
/hese #uidelines relate to ph$sical securit$ measures! within Australian 7overnment facilities facilities handlin# Australian 7overnment information and ph$sical assets' or where Australian 7overnment emplo$ees are located.
4ote! Hhere le#islative re?uirements are hi#her than controls identified in these #uidelinesF le#islative controls ta9e precedence and are to be applied. A#encies are to protect an$ information or ph$sical assets provided b$ another #overnment in accordance with international a#reements' see PSPFGovernance arrangements4 !" #nternational security agreements. /hese #uidelines include advice on the Australian 7overnment@s e>pectations for the protection of Australian information and ph$sical assets b$ forei#n #overnments.
1.3.1 Use of specific terms in these guidelines

(n these #uidelines the terms! Eneed to@Frefers to a le#islative re?uirement that a#encies must meet Eare re?uired to@ or Eis re?uired to@Frefer to a control!
to which a#encies cannot #ive a polic$ e>ception' or used in other protective securit$ documents that set controls
Eare to@ or Eis to@Fare directions re?uired to support compliance with the mandator$ re?uirements of the ph$sical securit$ core polic$' and Eshould@Frefers to better practiceG a#encies are e>pected to appl$ better practice unless there is a reason based on their ris9 assessment to appl$ alternative controls.
&or details on polic$ e>ceptions see the Australian Government physical security management protocol' section 1.4. Additional terms used in these #uidelines are defined in the PSPFGlossary of Terms.
Background
1.4 5hy the guidelines 6ere de#elo)ed
/he Australian Government physical security management guidelinesSecurity zones and risk mitigation control measures provide a consistent and structured approach to determinin#! the business impact of information' people and ph$sical assets the level of control re?uired to!
meet the threat environment #ive suitable protection to information' people and ph$sical assets provide assurance to other a#encies for information sharin#' and the t$pes of controls that are suitable.
/he #uidelines will! aid in establishin# consistent terminolo#$ for ph$sical securit$ across the Australian 7overnment' and #ive a#encies a framewor9 for the assurance needed to share information and ph$sical assets.
1.A
Relationshi) to other documents
/hese #uidelines support the implementation of the .rotective Decurit$ .olic$ &ramewor9 .D.&%. (n particular' the$ support the Australian Government physical security protocol. /he$ are part of a suite of documents that aid a#encies to meet their ph$sical securit$ re?uirements. /he protocol and #uidelines are available from www.protectivesecurit$.#ov.au.
1.B
Structure of these guidelines
/hese #uidelines are broadl$ divided into four sections! ris9 miti#ation and assurance measures the Decurit$ Iones methodolo#$ and re?uirements details of individual control measures' and a chec9list for a#encies reviewin# ph$sical securit$ measures.
Risk mitigation and assurance measures

A#encies are to base an$ ph$sical securit$ miti#ation measures to protect people and ph$sical assets on their identified ris9s. /o #ive assurance in information sharin# arran#ements an a#enc$ is re?uired to! reduce the residual ris9s to an acceptable level to the a#enc$' or where this is not possible' lower the li9elihood of compromise' loss of availabilit$' or loss of inte#rit$ as much as possible' then appl$ minimum controls determined b$ the business impact level of the compromise' loss of availabilit$ or loss of inte#rit$ of the information.
1.J
0he risk management )rocess
A#encies are to underta9e a full securit$ ris9 assessment in accordance with! the Australian Dtandard AD")ID (D8 31000!200K $isk %anagement & Principles and guidelines' and the Australian Dtandards =: 1BJ!200B Security risk management
when decidin# which ris9 miti#ation controls are re?uired. Dee PSPFGovernance arrangementsSecurity risk management 78V2B%. A summar$ of the steps used to identif$ and value assets includin# information and people%' determine and miti#ate the ris9s of compromise or loss of inte#rit$ or unavailabilit$ of those assets is in &i#ure 1. /he full ris9 mana#ement process is detailed in =: 1BJ!200B Security risk management.
7igure 1' Risk mitigation com)onent of the risk assessment )rocess

(dentif$ assets and a##re#ations of assets 0e#ular review at least ever$ two $ears%
,etermine the business impact level of the compromise' loss of inte#rit$ or unavailabilit$ of the assets criticalit$ and conse?uence%
(dentif$ a#enc$ specific threats to assets includin# natural and man2made threats
(dentif$ e>istin# miti#ation controls
,etermine the li9elihood of compromise' loss of inte#rit$ or unavailabilit$ of the assets
,etermine the current level of ris9 (f ris9s are not acceptable
(dentif$ additional controls needed to lower the ris9
,etermine residual ris9s
1.J.1 Additional requirements to meet specific threats

/hreat assessments are used to inform a#enc$ ris9 assessments. Dome threats increase the li9elihood of harm to people' or compromise information or ph$sical assetsG these will need additional or hi#her level controls to miti#ate the threats. /hreats ma$ affect the whole a#enc$ or be site or area specific. Dpecific threats to members of staff' clients and the public or individual assets should be considered. &or further advice on identif$in# threats' see the =: 1BJ!200B Security risk management' section 4. A#encies are to assess threats usin# internal and' if appropriate' e>ternal sources such as local police and other authorities. /hreat assessments are to be obtained for all facilities holdin# /8. D-C0-/ or Codeword information from the AD(8 )ational /hreat Assessment Centre )/AC%. )/AC threat assessments ma$ be sou#ht for other facilities where there are national securit$ ris9s.
Dpecialist advice should be sou#ht about the ris9 of natural disasters and suitable miti#ation strate#ies when selectin# sites. A#encies at ris9 from natural disasters should select securit$ products that protect a#ainst these when hardenin# facilities a#ainst ph$sical securit$ ris9s. Some threats to facilities that may re(uire additional )hysical controls /he followin# list identifies some possible additional threats that ma$ increase the li9elihood of compromise of information or ph$sical assets' or harm to people within a#encies. /his list is indicative' not definitive! Agency )rogramsFinherent ris9s in a#enc$ pro#rams. Pu*lic kno6ledge of facility usesFran#in# from no public 9nowled#e to full public 9nowled#e of contentious pro#rams underta9en at the facilit$. /e#el of neigh*ourhood crimeFran#in# from occasional minor crime to re#ular maMor or or#anised crime. Client #iolenceFran#in# from occasional non2confrontational contact with clients to re#ular client contact which ma$ lead to violence. Pu*lic #iolenceFran#in# from little to no public contact to re#ular public protests that ma$ be violent. 0errorismFwhich ma$ lead to violence a#ainst personnel or facilities' or covert access to sensitive information. Shared facilitiesFran#in# from sin#le use facilities to co2tenancies with private hi#h ris9 tenants. Hor9 areas within an a#enc$ with diverse pro#rams ma$ also be considered as sharin# facilities%. Attracti#eness of information and )hysical assetsFran#in# from little value to information and ph$sical assets that are attractive to #roups of securit$ concern' includin# forei#n intelli#ence services' issue motivated #roups' trusted insiders.
1.N
Assurance re(uired for information and )hysical asset sharing
/o encoura#e information and ph$sical asset sharin#' a#encies need to have a hi#h level of assurance that other a#encies will suitabl$ protect their information and assets. A#encies are to determine business impact of the compromise' loss of inte#rit$ or unavailabilit$ of their information and assets as part of the securit$ ris9 assessment to determine the assurance the$ re?uire. An a#enc$@s ris9 assessment ma$ identif$ the need for securit$ control measures that e>ceed the minimum control measures for securit$ classified information. /able 1 #ives broad descriptions of business impact levels. &or details on determinin# business impact levels see the Australian Government protective security governance guidelines 'usiness impact levels.
0a*le 1' Business im)act le#els Business im)act *ow .escri)tion Could be e>pected to harm #overnment a#enc$ operations' commercial
entities or members of the public 6edium Could be e>pected to cause limited dama#e to national securit$' #overnment a#enc$ operations' commercial entities or members of the public Could be e>pected to dama#e #overnment a#enc$ operations' commercial entities or members of the public Could be e>pected to dama#e national securit$ Could be e>pected to seriousl$ dama#e national securit$ Could be e>pected to cause e>ceptionall$ #rave dama#e to national securit$
=i#h Ver$ hi#h ->treme Catastrophic
1.N.1 Assurance for security classified physical assets

An a#enc$ holdin# securit$ classified ph$sical assetsFthat is' assets that are classified in their own ri#ht' not because of an$ information held on themFare to determine the ph$sical controls re?uired on a case2b$2case basis based on! an$ re?uirements imposed b$ the asset owner' or the a#enc$@s ris9 assessment and the conse?uences of the assets compromise loss or dama#e
whichever is the hi#her.
1.K
Site security )lans
A#encies are to evaluate each of their sites separatel$. /hese ma$ be further subdivided into separate wor9 areas where there is considerable variation in ris9s to each wor9 area. A site securit$ plan documents measures to counter identified ris9s to an a#enc$@s functions' information' people and ph$sical assets at a desi#nated site. A#encies are to evaluate the different ris9s to their facilities' people' information functions and ph$sical assets durin# business hours and out2of2hours. Controls needed durin# operatin# hours should ta9e into account the increased ris9s from public and client contact as well as insider threats. Hhile these ris9s still e>ist out2of2hours' there ma$ be a hi#her ris9 from e>ternal sources such as brea9 and enters. A#encies are to assess the impact of the compromise' loss of inte#rit$ or unavailabilit$ of their site securit$ plans to their securit$ and operations' and appl$ a suitable ,issemination *imitin# 6ar9er ,*6% or securit$ classification. Dee the Australian Government information security management guidelinesSecurity classification system. A site securit$ plan should include! measures that are scalable to meet increases in threat levels the location and nature of the site whether the a#enc$ has sole or shared ownership or tenanc$ of the site whether the public or other non2a#enc$ personnel have a ri#ht of entr$ to the site
what securit$ classification of information is to be stored' handled' processed or otherwise used in each part of the site (C/ assets' includin#' but not limited to' data' software' hardware and portable e?uipment such as laptops' personal electronic devices (C/2related e?uipment for e>ample' file servers' wor9stations' terminals' main distribution frames and cablin#% and utilities an$ other resources that will be on the site an indication of whether ever$ part of the site is intended to have the same level of securit$ what protective measures will be re?uired for!
the site as a whole particular areas within the site for e>ample' part of a floor which will hold information of a hi#her classification than the rest of the site% what differin# measures will be re?uired for!
stora#e' handlin# and processin# of securit$ classified information' and securit$ classified or otherwise sensitive discussions and meetin#s.
1.K.1 Critical path

/he effectiveness of securit$ controls is measured b$ the probabilit$ of detection at the point where there is enou#h time for a response team to interrupt an adversar$. /he critical path is the adversar$ path with the lowest probabilit$ of interruption. An adversar$ path is an ordered se?uence of actions a#ainst an asset that could result in it bein# compromised. Adversaries could normall$ be e>pected to ta9e the easiest and most direct route. -arl$ detection of unauthorised access enables a ?uic9er response. (deall$ interception should occur before access to the asset' but this depends on the asset and the securit$ obMectives. (nterruption ma$ not be re?uired if tamper evidence is the obMective for protectin# the asset. /his concept is illustrated in &i#ure 2. 7igure $' Relationshi) *et6een detecting8 delaying and res)onding to a )erimeter security *reach
:reach of perimeter Access to asset 0ime needed *y an ad#ersary 9 .elay achie#ed *y )hysical security measures :reach Pone Safety margin (ntercept adversar$ -scape
/he effectiveness of securit$ elements will influence! probabilit$ of detectionFthe cumulative probabilit$ of detectin# an adversar$
0ime needed *y )hysical security systems Alarm ,ispatch response ,etection and assessment of breach
cumulative dela$Fthe combined minimum dela$ time alon# the adversar$ path responseFthe time for a response to reach a point of detection' and interruptionFoccurs when the response time is less than the dela$ provided' measured from the first point of detection.
&urther information on appl$in# critical path anal$sis is available in Physical Protection Systems b$ 6ar$ *$nn 7arcia and the companion assessment tool.
1.K.2 Crime prevention through environmental design (CPTED)

C./-, should be an inte#ral part of facilit$ plannin#. /he approach emphasises the importance of identif$in# which aspects of the ph$sical environment could affect the behaviour of people and uses these aspects to minimise crime. 6an$ publications such as the two referenced below% deal with C./-, in the domain of private housin# and public areas' but it is e?uall$ applicable in #overnment a#encies. C./-, principles ma$ identif$ different solutions that those identified for other securit$ needs' for e>ample counter2terrorism. /he miti#ations used should be based on an a#enc$@s ris9 assessment. 6ore information on C./-, can be found at! (esigning )ut *rime+ crime prevention through environmental design an earl$ publication from the Australian (nstitute of Criminolo#$ focusin# on household crimeG the concepts are transferable to or#anisations. *rime Prevention through Environmental (esign Guidelines for ,ueensland a Oueensland .olice publication released in 200J.
Security !ones
Decurit$ Iones provide a methodolo#$ for ph$sical securit$ miti#ation based on the securit$ ris9 assessment. /he Iones are a #uide to developin# a facilit$' buildin# and rooms ph$sical securit$ plan. Application of re?uirements based on the business impact level of an$ compromise' loss of inte#rit$ or unavailabilit$ of information and ph$sical assets within Pones #ives assurance in information and asset sharin# arran#ements. /he primar$ outcomes of the Pones methodolo#$ are to #ive a scalable level of protection from! unauthorised or covert access' and forcible attac9.
/he ph$sical securit$ measures in hi#her level Pones should include tamper evidence and also be! hi#hl$ resistant to covert attac9 to protect information' or hi#hl$ resistant to forcible attac9 to protect assets.
&or further information see *a$erin# of Iones. /able 2 provides broad descriptions of the functions that a#encies can underta9e in the Iones' the information and assets the$ can handle and store in the Iones' and some e>amples of Decurit$ Iones. 0a*le $' Security !ones
!one ty)e Ione 8ne .escri)tion .ublic access areas Ione includes perimeter access control measures. Dtora#e of information and ph$sical assets with low to medium business impact levels needed to do business. +se of information and ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a hi#h or ver$ hi#h business impact is permitted. Dtora#e not recommended but is permitted if unavoidable. +se of information and ph$sical assets above ver$ hi#h onl$ under e>ceptional circumstances with approval of the ori#inatin#"ownin# a#enc$. )o stora#e permitted. /he inner perimeter of Pone one ma$ move to the buildin# or premise perimeter out of hours if e>terior doors are secured.% +&am)les :uildin# perimeters and public fo$ers. (nterview and front2des9 areas where there is no se#re#ation of staff from clients and the public. 8ut2of2office temporar$ wor9 areas where the a#enc$ has no control over access. &ield wor9 includin# most vehicle2based wor9. ->hibition areas with no securit$ controls. .ublic access parts of multi2buildin# facilities.
10
!one ty)e Ione /wo
.escri)tion +nrestricted emplo$ee and contractor access with restricted public access. Dtora#e of information and ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to ver$ hi#h is permitted. +se of information and ph$sical assets with an e>treme business impact is permitted' but not normall$ stored in area. )o stora#e of these assets without ori#inator@s approval. +se of information and ph$sical assets with a catastrophic business impact onl$ under e>ceptional circumstances to meet operational imperatives with approval of the ori#inatin# a#enc$. )o stora#e permitted. /he outer perimeter of Ione /wo ma$ move to the buildin# or premise perimeter out of hours if e>terior doors are secured.% *imited emplo$ee and contractor access with escorted or closel$ controlled visitors onl$. (f securit$ classified information is held' all emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information the$ access in the Ione. Dtora#e of information or ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to e>treme is permitted. +se of information with catastrophic impact level is permitted' but not normall$ stored in area.
+&am)les )ormal a#enc$ office environments. )ormal out2of2office or home2based wor9sites where the a#enc$ has control of access to the part of the site used for a#enc$ business. 6ilitar$ bases and airside wor9 areas. (nterview and front2des9 areas where there is se#re#ation of staff from clients and the public. Court houses. Vehicle2based wor9 where the vehicle is fitted with a securit$ container' alarm and immobiliser. ->hibition areas with securit$ controls and controlled public access.
Ione /hree
Decurit$ areas within a#enc$ premises with additional access controls on staff. ->hibition areas for ver$ valuable assets with specific item asset protection controls and closel$ controlled public access. Areas used to store art wor9s or items of cultural si#nificance when not on displa$. Court rooms.
11
!one ty)e Ione &our
.escri)tion Dtrictl$ controlled emplo$ee access with personal identit$ verification as well as card access. 8nl$ contractors and visitors with a need to 9now and closel$ escorted #iven access. (f securit$ classified information is held' all emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information held in the Ione. Dtora#e of information of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to e>treme is permitted. Dtora#e of or ph$sical assets of which the compromise' loss of inte#rit$ or unavailabilit$ would have a business impact up to catastrophic is permitted. +se of information with catastrophic impact level is permitted' but not normall$ stored in area. /hese areas are normall$ onl$ constructed as an alternative to Ione /hree where the facilit$ also has a Ione &ive.% Dtrictl$ controlled emplo$ee access with personal identit$ verification as well as card access. 8nl$ contractors and visitors with a need to 9now and closel$ escorted #iven access. All emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information held in the Ione. Dtora#e of information classified /8. D-C0-/' Codeword information or lar#e ?uantities of other information where the compromise' loss of inte#rit$ or unavailabilit$ of the a##re#ate of the information would have a catastrophic business impact.
+&am)les Decurit$ areas within a#enc$ premises with additional access controls on staff. ->hibition areas for ver$ valuable assets with specific item asset protection controls and closel$ controlled public access. Areas used to store art wor9s or items of cultural si#nificance when not on displa$.
Ione &ive
=i#hest securit$ areas in a#enc$ premises. Australian (ntelli#ence Communit$ facilities.
12
1.K.3 Layering of ones

A#encies should la$er the Iones wor9in# in from Ione 8neFthat is' public access areas Fincreasin# the protection with each new Ione. 6ultiple la$ers will #ive a#encies a #reater dela$ to allow response to an$ unauthorised entr$. Iones should #ive #reater periods of dela$ as levels increase. :$ la$erin# Iones within Iones the dela$ is cumulative #ivin# the a#enc$ #reater time to respond before unauthorised access to the inner Ione. &i#ure 3 provides some e>amples of Ione confi#urations. (n some instances it is not possible for hi#her Iones to be located full$ within lower Iones. A#encies ma$ need to additionall$ stren#then e>ternal walls of the hi#her Iones. Ione 8ne ma$ also include perimeter protection measures' for e>ample blast miti#ation' counter2terrorism protection' etc. As Pone levels increase' the protective securit$ measures pro#ressivel$ chan#e to protect information and ph$sical assets. /he number of Iones that individual a#encies need depends on the different levels of assurance and se#re#ation re?uired. A#encies should determine the minimum and ma>imum Iones re?uired in facilities' for e>ample a#encies with! low to medium business impact levelsFma$ onl$ need Ione 8ne or Ione /wo up to and includin# hi#h to ver$ hi#h business impact levelsFma$ need Ione 8ne and Ione /wo up to and includin# e>treme business impact levelsFma$ need Iones 8ne to /hree' and up to and includin# catastrophic business impact levelsFma$ need Iones 8ne to &ive.
Dee the Australian Government protective security governance guidelines'usiness impact levels. A#encies holdin# information or ph$sical assets of which the compromise' loss of inte#rit$ or loss of availabilit$ would have an e>treme business impact ma$ choose to use Iones /hree or &our for all their #eneral staff access areas' rather than Ione /wo. A#encies with information of which the compromise' loss of inte#rit$ or loss of availabilit$ would have a catastrophic business impact ma$ choose to use Ione &our for all their #eneral staff access.
13
7igure 3' Indicati#e layering of !ones
14
1.K.4
one requirements
A#encies are to use controls to treat their identified ris9s. /he$ are to then appl$ the controls in the followin# table which identifies the re?uirements for each Pone to #ive assurance in information or ph$sical asset sharin# arran#ements. /he Pone re?uirements provide a level of assurance a#ainst! the compromise' loss of inte#rit$ or unavailabilit$ of information' and the compromise' loss or dama#e of ph$sical assets.
/hese obMectives ma$ not encapsulate all t$pes of protection re?uired for people' information and ph$sical assets. A#encies should determine additional treatments based on their ris9 assessments. Ione re?uirements are detailed in /able 3.
1A
0a*le 3' !one re(uirements &urther details on each t$pe of control can be found in section A b$ followin# the lin9s in control components below%.
Control com)onents :uildin# construction /e#el of assurance re(uired for information and )hysical asset sharing !one :ne ,etermined b$ an a#enc$@s ris9 assessment !one 06o .uring *usiness hours )ormal construction to the Australian :uildin# Code :ut;of;hours )ormal construction and! Dlab2to2slab construction' or tamper evident ceilin#s' or construction to AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ $ooms ,etermined b$ an a#enc$@s ris9 assessment' recommended for office environments AD 2201 Class 3L4 alarm which should be hard wired within the Ione !one 0hree Construction! to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or information onl$' or usin# elements tested to AD 3AAA.1L2003 level 4 or above for valuable ph$sical assets !one 7our Construction! to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or information onl$' or usin# elements tested to AD 3AAA.1L2003 level 4 or above for valuable ph$sical assets !one 7i#e Construction to! AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms' and Supplement to the Technical -ote & Physical Security of T)P SE*$ET areas
8ut of hours Alarm s$stems1' 2
,etermined b$ an a#enc$@s ris9 assessment
AD 2201 Class A alarm which should be hard wired within the Ione use of DC-C approved detection devices is recommended%
DC-C /$pe 1 usin# DC-C approved detection devices%
DC-C /$pe 1 usin# DC-C approved detection devices%
8ut of hours alarm response2
,etermined b$ an a#enc$@s ris9 assessment response should be within the achieved dela$ from other ph$sical securit$ measures%
1B
Control com)onents
Access control s$stems1
/e#el of assurance re(uired for information and )hysical asset sharing !one :ne ,etermined b$ an a#enc$@s ris9 assessment !one 06o ,etermined b$ an a#enc$@s ris9 assessment' recommended for office environments (, card re?uired for access Commercial loc9in# s$stem !one 0hree (, card and sectionalised access control s$stem !one 7our (, card and sectionalised access control s$stem with full audit trail !one 7i#e (, card and sectionalised access control s$stem with ,ual authentication
*oc9s
,etermined b$ an a#enc$@s ris9 assessment. A#enc$@s buildin#s should be loc9ed out of hours ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
Commercial loc9in# s$stem
DC-C approved loc9in# s$stem
DC-C approved loc9in# s$stem
Qe$in# s$stems
Commercial restricted 9e$in# s$stem recommended ,etermined b$ an a#enc$@s ris9 assessment (f a DAD and separate -ACD are used the DAD cannot be disabled b$ the access control s$stem Visitor re#ister with visitors escorted in sensitive parts of facilit$
DC-C approved 9e$in# s$stem Alarm cannot be disabled b$ the access control s$stem
DC-C approved 9e$in# s$stem *imited one wa$ in accordance with the Type ! SAS for Australian Government #ntegration specification
DC-C approved 9e$in# s$stem /he alarm is a standalone s$stem and ma$ disable access control s$stem when activated
(nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems3
Visitor control
-scorted visitors in whole of Pone
Visitors e>cluded unless there is an identified need
Visitors e>cluded unless there is an identified need
Dtora#e of official information Dtora#e of valuable ph$sical assets

CC/V covera#e4 Decurit$ li#htin#A
,etermined b$ an a#enc$@s information holdin#s' see /able A! Delectin# securit$ containers or rooms to store official information ,etermined b$ an a#enc$@s ph$sical asset holdin#s' see /able B! Delectin# safes or vaults to protect valuable ph$sical assets ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
1J
Control com)onents .erimeter access control (ndividual alarm options
/e#el of assurance re(uired for information and )hysical asset sharing !one :ne !one 06o !one 0hree !one 7our !one 7i#e ,etermined b$ an a#enc$@s ris9 assessment ,etermined b$ an a#enc$@s ris9 assessment
8ther controls to address ,etermined b$ an a#enc$@s ris9 assessment. Dome e>amples of additional control measures for specific ris9s are at /able J! specific ris9s Additional controls to address specific ris9s 4otes'
1. A#encies are to use sectionalised alarm and access control s$stems when there are Iones /hree and above in a facilit$. /he alarm and access control
2. 3. s$stems are to meet the needs of the hi#hest Ione in the facilit$. Alternativel$ a#encies ma$ use separate alarm and access control s$stems for different Iones. 8ut2of2hours #uards' performin# re#ular information container and ph$sical asset inspections and patrols of facilities ma$ be a suitable replacement for an alarm s$stem in Iones 8ne to /hree. 0esponse time for off2site #uards should be less than the dela$ #iven b$ the total of other controls. (nteroperabilit$ of the alarm s$stem and electronic access control s$stems -ACD% is to meet the hi#hest re?uirement for all Pones covered b$ the alarm s$stem and -ACD. Hhere DC-C2approved /$pe 1 DAD are used' an$ inte#ration with buildin# mana#ement s$stems is to be in accordance with the Type ! SAS for Australian Government#ntegration specification /here ma$ be specific Murisdictional le#islation that applies to CC/V covera#e of public areas' see Anne> ,! *e#islation coverin# CC/V installation and usa#e. A#encies should ensure the$ use li#htin# that at least meets the minimum re?uirements for an$ CC/V s$stems used.
4. A.
1N
1.K.A Accreditation of ones

A#enc$ securit$ advisers ADAs% ma$ accredit a#enc$ facilities as Ione 8ne to Ione &our when the controls meet the re?uirements of /able 4! Dummar$ of certification re?uirements. &or further information on accreditation re?uirements for Iones holdin# /8. D-C0-/ securit$ classified information' certain Codeword information' or a##re#ations of information where the compromise' loss of inte#rit$ or unavailabilit$ of the information would have a catastrophic business impact see the Australian Government physical security management protocol0 section B.4. (f securit$ classified information is held in Iones &our or &ive all emplo$ees with on#oin# access are to hold a securit$ clearance at the hi#hest level of the information held in the Ione. Dee the Australian Government personnel security protocol.
1K
0a*le ' Summary of certification re(uirements

Control needed )/AC threat assessment !one :ne )"A !one 06o )"A !one 0hree 0ecommended if national securit$ is impacted ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant2'3 Duitabl$ ?ualified s$stem installer"desi#ner2 Duitabl$ ?ualified s$stem installer"desi#ner ADA )"A !one 7our 0ecommended if national securit$ is impacted ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant3 )"A !one 7i#e ;es
A#enc$ securit$ ris9 assessment A#enc$ specific threat assessments e#. police threat assessment' etc Dite securit$ plan DC-C t$pe 1 alarm s$stem Commercial alarm s$stem
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant1'2'3 Duitabl$ ?ualified s$stem installer"desi#ner1 Duitabl$ ?ualified s$stem installer"desi#ner1 ADA )"A
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant1'2'3 Duitabl$ ?ualified s$stem installer"desi#ner1'2 Duitabl$ ?ualified s$stem installer"desi#ner1 ADA )"A
ADA ADAFif need identified in a#enc$ ris9 assessment ADA DC-C endorsed securit$ Pone consultant3 )"A
-lectronic access control s$stem 8ther Ione re?uirements4 Dite inspection and certification of suitabilit$ to hold /8. D-C0-/ Dite inspection and certification of suitabilit$ to hold information below /D Accreditation of overall measures
Duitabl$ ?ualified s$stem installer"desi#ner ADA )"A
Duitabl$ ?ualified s$stem installer"desi#ner ADA AD(82/4
ADA
ADA
ADA
ADA
)"A
ADA
ADA
ADA
ADA
ADA
)otes! 1. (nclusion of an alarm s$stem and"or -ACD in Iones 8ne and /wo are at the a#enc$@s discretion. 2. (f 8ut2of2hours #uardin# patrols and"or commercial alarm s$stems are not used instead. 3. DC-C2endorsed securit$ Pone consultants are to desi#n and commission DC-C /$pe 1 DAD in accordance with the re?uirements of the Type ! SAS #mplementation and )peration Guide
20
4. Dee /able J! Additional controls to address specific ris9s.
21
Indi#idual control elements

/his section provides #uidance on selectin# control measures identified in /able B. A#encies ma$ select e>tra controls not identified in this section in accordance with their ris9 assessment. Dome indicative additional controls are in /able J.
1.10 Use of SC+C;a))ro#ed )roducts

/he Decurit$ Construction -?uipment Committee DC-C% tests and approves! securit$ products that primaril$ focus on protectin# securit$ classified information of which the compromise' loss of inte#rit$ or unavailabilit$ would result in a business impact level of hi#h or above products that prevent widespread loss of life' and other securit$ products that re?uire specialist testin#.
/hese approved items are listed in the DC-C Security E1uipment *atalogue. -ven where not re?uired an a#enc$ ma$ still use DC-C2approved securit$ e?uipment' or use suitable commercial e?uipment that complies with identified securit$ related Australian or (nternational Dtandards' for the protection of people' information or ph$sical assets. /he DC-C is developin# the Security e1uipment evaluated product list and DC-C Guidelines on e1uipment selection which will pro#ressivel$ replace the D-C' see Anne> :! Dummar$ of e?uipment tested b$ the Decurit$ Construction and -?uipment Committee and #uidelines to assist a#encies in selectin# commercial e?uipment.
1.11 Building construction

1.11.1 Construction of !uildings
Agencies should assess the suita2ility of construction methods and materials to give the protection needed 2efore leasing or constructing premises #ncreasing the level of 2uilding securitythat is0 the level of delay providedafter3ards may 2e e4pensive or impossi2le /$picall$ buildin#s are constructed to the 'uilding *ode of Australia. Dome older buildin#s ma$ not meet this Code. :uildin#s are normall$ classified as domestic or commercial. ,omestic construction provides little protection from unauthorised accessG however' intrusion is normall$ evident as the most common unauthorised access is for theft. D9illed covert access is normall$ ver$ hard to detect in domestic situations. Dtandard commercial office premises normall$ provide an increased level of perimeter protection over domestic buildin#s. =owever' in normal office accommodation internal walls' false ceilin#s and other normal buildin# techni?ues reduce the abilit$ of a#encies to protect their information and ph$sical assets. 6ost commercial office spaces provide protection suitable for assets and information where the compromise' loss of inte#rit$ or unavailabilit$ would have a 2usiness impact of medium or 2elo3
22
A#encies should include additional buildin# elements to address an$ specific ris9s identified in their ris9 assessment where buildin# hardenin# ma$ provide some level of miti#ation. &or e>ample! blast miti#ation measures forcible attac9 and ballistic resistance road and public access paths li#htin# in addition to securit$ li#htin#% hostile vehicle miti#ation' and elements of crime prevention throu#h environmental desi#n C./-,%.
0elated Australian Dtandards! AD 3AAA.1!2003 'uilding elementsTesting and rating for intruder resistance#ntruder5 resistant panels /his standard provides #uidance on ver$ hi#h #rade intruder resistance such as for hi#h securit$ vaults%. AD")ID 2343!1KKJ 'ullet5resistant panels and elements. Sla*;to;sla* construction /he use of slab2to2slab constructionFthat is' the walls are Moined directl$ to the floor and bottom of the ne>t floor or the roof structureFprevents access throu#h false ceilin#s. A#encies should use slab2to2slab construction at the perimeter of Iones includin# all access points. /he AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ $ooms provides details on methods to achieve slab2to2slab construction. As structural chan#es ma$ have an impact on the inte#rit$ of buildin#s' a#encies should see9 structural en#ineerin# advice before implementin# slab2to2slab construction. /he access points for Ione 8ne and /wo ma$ var$ between business and out of hoursG the Ione /wo access point ma$ move from an internal access point durin# business hours to the perimeter of the buildin# or premise out of hours. A#encies ma$ use access points for Ione /wo durin# business hours without slab2to2slab construction when the out2of2hours access point has slab2to2slab construction. Alternativel$ a#encies ma$ install an intruder2resistant la$er in the ceilin#' such as metal mesh' to address the problem of removable false ceilin# panels where the$ re?uire intrusion dela$ for specific rooms. /hese measures do not #ive an$ protection from over2hearin# and are not to be used where speech securit$ is needed. A#encies ma$ also use tamper2evident buildin# techni?ues to provide some indication of unauthorised access. Construction of !one 7i#e )erimeter &or further information on constructin# Ione &ive areas to store /8. D-C0-/ information or a##re#ation of information of which the compromise' loss of inte#rit$ or loss of availabilit$ ma$ cause catastrophic dama#e see! AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms' and Supplement to the Technical -ote & Physical Security of T)P SE*$ET Areas
23
/hese #uides are onl$ available to ADAs from AD(82/4.
1.12 Alarm systems

Alarm s$stems can provide earl$ warnin# of unauthorised access to a#encies@ facilities. An alarm s$stem is onl$ of value in conMunction with other measures desi#ned to detect' dela$ and respond. All alarm s$stems are to be monitored and lin9ed to a pre2determined response. Alarm s$stems ma$ be sin#le sector or sectionalised to #ive covera#e to specific areas of ris9. Dectionalised alarm s$stems allow #reater fle>ibilit$ as hi#hl$ sensitive areas can remain secured when not in use and other parts of the facilit$ are open. A#encies should' where possible' confi#ure alarm s$stems to continuousl$ monitor detection devices in hi#h ris9 areas' for e>ample irre#ularl$ accessed areas' roof spaces' inspection hatches and underfloor cavities. -ach a#enc$ is to have direct mana#ement and control of alarm s$stems in Ione /hree and above. A#encies should have direct mana#ement and administration of other alarm s$stems. -ach a#enc$ is to use appropriatel$ cleared and trained a#enc$ staff as privile#ed alarm s$stem operators and users in Ione /hree and above. A#encies should onl$ use appropriatel$ cleared and trained a#enc$ staff as privile#ed operators and users of other alarm s$stems. =owever' operation functions' such as monitorin# and maintenance' ma$ be outsourced. A#encies are to ensure all alarm s$stem armin# and disarmin# personal identification numbers .()s% are! uni?uel$ identifiable to an individual not recorded b$ the individual' and re#ularl$ chan#ed in accordance with the a#enc$@s ris9 assessment.
-mplo$ees are to advise the ADA of an$ suspected compromise of .()s as soon as the suspected compromise is identified. /he ADA is to disable the .() and investi#ate an$ potential securit$ breach. &or details on conductin# an investi#ation see the Australian Government protective security governance guidelines$eporting incidents and conducting security investigations to be released shortl$. A#encies should have the default"en#ineerin# user codes removed from alarm s$stems at commissionin#. A#encies should develop appropriate testin# and maintenance procedures to ensure the alarm s$stem is continuall$ operational. Alarm s$stems can be broadl$ divided into two t$pes! perimeter or e>ternal% intrusion detection s$stems .(,D% or alarms' and internal securit$ alarm s$stems DAD%.
A#encies ma$ use out2of2hours #uard patrols instead of an alarm s$stem in all Iones up to and includin# Ione /hree' see 8ut2of2hours #uardin#.
24
1.12.1 E"ternal alarms

.(,D ma$ be of value to a#encies that have facilities enclosed in a perimeter fence. /he$ provide earl$ warnin# of unauthorised breaches of a facilit$ perimeter. A#encies should see9 specialist advice when desi#nin# and installin# .(,D. /he DC-C Security E1uipment *atalogue contains approved e>ternal alarm components suitable for use.
1.12.2 #CEC Type $ #A#

/he DC-C approves DC-C /$pe 1 DAD which provide internal s$stem protections not #iven b$ commercial s$stems. A#encies are to use a DC-C /$pe 1 DAD for the protection of /8. D-C0-/ and certain Codeword information' or where the compromise' loss of inte#rit$ or unavailabilit$ of the a##re#ate of information would cause catastrophic dama#e to Australia@s national securit$Funless AD(82/4 has approved other site specific arran#ements. A#encies are to use! DC-C2approved /$pe 1 DAD in all Iones &our and &ive DC-C2endorsed securit$ Pone consultants to desi#n and commission DC-C /$pe 1 DAD in accordance with the re?uirements of the Type ! SAS #mplementation and )peration Guide' and DC-C2approved detection devices with an$ DC-C /$pe 1 DAD.
Dee the DC-C Security E1uipment *atalogue. Contractors used to maintain these s$stems are to be cleared at the appropriate level for the information held within the Iones covered b$ the DAD in accordance with the Type ! SAS #mplementation and )peration Guide. A#encies contemplatin# the installation of a DC-C /$pe 1 DAD are to contact AD(82/4 to determine current applicable standards.
1.12.3 Commercial alarm systems

Commercial DAD are #raded on their level of protection and comple>it$. :ase level s$stems are onl$ suitable for domestic useFthat is' AD 2201.1!200J Class 1 or 2. Alarm s$stems that do not compl$ with AD 2201.1 should not be used. 6id ran#e DAD are suitable for the protection of normal business operations in most a#enciesF that is' AD 2201.1!200J Class 3 or 4. /he hi#hest level of DAD is suitable for the protection of all information and ph$sical assets unless their compromise' loss of inte#rit$ or unavailabilit$ would cause catastrophic dama#e. Hhere a DC-C /$pe 1 DAD is not needed' a#encies are to determine whether a commercial DAD is re?uired at their facilities' includin# an$ temporar$ sites' as part of their ris9 miti#ation strate#ies' and the specifications for an$ such s$stem.
A#encies are to use AD 2201.1!200J Class A DAD' or DC-C /$pe1 DAD in Ione /hree areas. Alternativel$ a#encies ma$ use #uard patrols.
2A
(f a#encies use a commercial DAD in Ione /wo it should meet AD 2201.1!200J Class 3 or better. A#encies are to develop procedures to support the use' mana#ement' monitorin# and response arran#ements of a commercial #rade alarm s$stem. Hhere possible' a#encies should adopt the administration and mana#ement principles set out in the Type ! SAS #mplementation and )peration Guide An$ contractors used to maintain commercial DAD should be cleared to a level appropriate to the information to which the$ could reasonabl$ be e>pected to have incidental access in the Iones covered b$ the alarm s$stem. A#encies should use DC-C2approved detection devices in Ione /hree with a commercial DAD. /he$ ma$ use DC-C2approved detection devices in lower Iones covered b$ a commercial alarm s$stem. Dee the DC-C Security E1uipment *atalogue. A#encies should use a suitabl$ ?ualified desi#ner or installer to desi#n and commission an$ selected commercial alarm s$stems. 0elated Australian Dtandards! AD")ID 2201 Det!200N #ntruder alarm systems set!
AD")ID 2201.1!200J (ntruder alarm s$stemsFClient<s premisesF,esi#n' installation' commissionin# and maintenance AD 2201.2!2004 (ntruder alarm s$stemsF6onitorin# centres AD 2201.3!1KK1 (ntruder alarm s$stemsF,etection devices for internal use AD")ID 2201.A!200N (ntruder alarm s$stemsFAlarm transmission s$stems.
1.13 Indi#idual alarm o)tions

/he use of buildin# alarm s$stems' -ACD or other facilit$2wide measures ma$ not be ideal in some situations. /his includes' but is not limited to' wor9in# awa$ from the office' areas with a hi#h potential for personal violence and protection from the compromise of ph$sical assets in public areas. /here are a number of individual alarm options that ma$ be suitable in some situations' includin#! duress alarms individual item alarms' or alarm circuits' and vehicle alarms.
1.13.1 Duress alarms

,uress alarms enable emplo$ees to call for assistance in response to a threatenin# incident. A#encies ma$ be re?uired to use duress alarms activated b$ dual action duress buttonsFthat is' depressin# two separate buttons to tri##er the alarm to reduce the occurrence of false alarms Fwhen a police response is re?uired in some Murisdictions.
2B
Indi#idual duress alarm (ndividual or mobile duress alarms provide some deterrence to violence when emplo$ees are outside the office or circulatin# in public areas. .ersonal duress alarms fall into two broad cate#ories! remotel$ monitored duress alarms' and alarms that produce loud noise on activation.
0emotel$ monitored alarms are suitable for use within facilities where there is a dedicated monitorin# and response force. /he alarms consist of a personal alarm transmitter lin9ed to the facilit$' or a separate alarm s$stem. )oise producin# duress alarms rel$ on response b$ b$standers. /he$ are more suited for applications e>ternal to the a#enc$ facilities than monitored duress alarms where there could be considerable dela$ in response to the alarm. A#encies ma$ use these alarms within a facilit$ where the$ desire immediate notice of an incident b$ the people in the immediate area. <idden=fi&ed duress alarm &i>ed duress alarms are a t$pe of remotel$ monitored individual duress alarm. /he$ are normall$ hard wired and fi>ed to a location. A#encies should consider e?uippin# public contact areas' includin# the reception area' counters and interview rooms' with duress alarms where the ris9 assessment has identified a potential problem. =idden duress alarms should' enable emplo$ees to raise an alarm discreetl$' and be au#mented b$ procedures that provide an appropriate response.
A#encies should ensure that! all relevant staff are aware of and have re#ular trainin# and trials with the duress alarm the duress alarm is confi#ured as part of an intruder alarm s$stem that complies with AD")ID 2201 Det!200N' and the alarm panel is located within the protection Pones of the alarm s$stem in accordance with AD")ID 2201 Det!200N.
Additional information on installation and monitorin# of duress alarms is on the Hest Australian .olice webpa#e Standard code for supply and installation of hold5up and duress alarm devices.
1.13.2 %ndividual item alarm&alarm circuit

Valuable items' particularl$ when in public areas such as e>hibitions' ma$ not be able to be protected b$ normal alarm s$stems. An option is to install individual item alarm circuits or a separate alarm s$stem to monitor individual items. Dome possible alarm sensor t$pes that ma$ be suitable are! pressure switches motion sensors CC/V activated alarms' and
2J
radio fre?uenc$ identification 0&(,% ta# s$stems.
A#encies should see9 specialist advice when desi#nin# alarm s$stems for individual items.
1.13.3 'ehicle alarm

A#encies that have field wor9ers often re?uire these emplo$ees to wor9 from vehicles that can contain lar#e ?uantities of valuable e?uipment. 6ost vehicle alarms rel$ on noise and have similar deterrent value to noise producin# personal duress alarms. =owever' the$ rel$ on a response b$ b$standers if the emplo$ee is outside hearin# ran#e. A#encies ma$ consider fittin# remotel$ monitored vehicle alarms where the business impact level of loss of the information or ph$sical assets in the vehicle' or the vehicle itself' is hi#h or above. 0emote vehicle alarms ma$ also be lin9ed to remote vehicle trac9in# and immobilisation s$stems.
1.14 Access control systems

An access control s$stem is a measure or #roup of measures desi#ned to allow authorised personnel' vehicles and e?uipment to pass throu#h protective barriers' while preventin# unauthorised access. /he$ limit access throu#h openin#s in barriers' such as walls' and #ive authorised access to information and ph$sical assets bein# protected. Access control can be achieved in several wa$s with the most common bein#! ps$cholo#ical or s$mbolic barriersFfor e>ample' Crime prevention throu#h environmental desi#n C./-,% securit$ staff ph$sicall$ located at entr$ and e>it points securit$ staff located at central points who monitor and control entr$ and e>it points usin# intercoms' videophones' closed circuit television cameras and similar devices mechanical loc9in# devices operated b$ 9e$s or codes' and electronic access control s$stems -ACD%.
-ach approach has advanta#es and disadvanta#es' and the precise method used will depend on the particular application in which access control is re?uired. Access control s$stems should provide identit$ validation b$ usin# authentication factors of! what $ou haveF9e$s' (, cards' passes' etc. what $ou 9nowF.()s' etc. who $ou areFvisual reco#nition' biometrics' etc.
2N
1.14.1 Dual authentication

,ual authentication re?uires the use of two of the factors of access control s$stems. A#encies are to use dual authentication to control access to Ione &ive. A#encies ma$ use dual authentication in other circumstances where their ris9 assessment identifies a si#nificant ris9 of unauthorised access.
1.14.2 Electronic access control systems

A#encies are to use -ACD where there are no other suitable identit$ verification and access control measures in place. -lectronic access control ma$ be used in conMunction with other personnel and vehicle access control measures. A#encies ma$ use sectionalised -ACD in a facilit$ to control access to specific areas. -ACD sections would normall$ be the same as sections of a#encies@ alarm s$stems' but ma$ also have additional operational access control points not covered b$ individual alarm sections. Hhere -ACD and"or other access control measures are implemented to cover a whole facilit$' a#encies are to desi#n them to meet the hi#hest perceived threat and ris9 level. Hhere a#encies use multiple -ACD and"or other access control measures' the desi#n of each s$stem is to meet the hi#hest perceived threat and ris9 level in the areas covered b$ the s$stem. Hhen used' -ACD should t$picall$ commence at Ione /wo perimeters' but ma$ be used in Ione 8ne for e>ample to control access to car par9in#. A#encies should! see9 specialist advice when selectin# -ACD' and use a desi#ner or installer recommended b$ the manufacturer to desi#n and commission them.
A#encies are to verif$ the identit$ of all people who are issued with access cards for their -ACD at the time of issue. Dee &urther information. A#encies are to re#ularl$ audit -ACD. Audits should occur in accordance with the a#enc$@s ris9 assessment to determine whether people with access have a continued need to access the s$stem and that an$ access for people who have left has been disabled"removed. Anti )ass *ack Anti pass bac9 is desi#ned to prevent misuse of access control s$stems. Anti pass bac9 establishes a specific se?uence in which access cards must be used for the s$stem to #rant access. Anti2pass bac9 controls ma$ also be achieved b$ lin9in# access control to various other access s$stems' such as information s$stems and other ph$sical access controls. 06o )erson access system Dome -ACD can be enabled to onl$ allow access to areas when two people are present and will activate an alarm if one leaves the area. /his is 9nown as a no2lone2Pone. (t re?uires two authorised people to access and e>it a desi#nated area.
2K
A#encies should consider usin# a two person access s$stem when the$ re?uire a ver$ hi#h level of assurance a#ainst compromise or loss of hi#hl$ classified information or e>tremel$ valuable ph$sical assets. 7urther information &or further advice on personal identit$ verification .(V% for access control s$stems see! /he )ational (nstitute of Dtandards and /echnolo#$ +D ,ept of Commerce% publication' A $ecommendation for the 6se of P#7 *redentials in Physical Access *ontrol Systems .ACD%' and AD A1NA!2010 Protocol for light3eight authentication of identity 8P9A#(:' which #ives advice on confirmin# identit$ for access to lo#ical s$stems.
/here are currentl$ no Australian Dtandards that provide #uidance on desi#nin# or installin# -ACD. /he +D &(.D 201 and Canadian CA)"+*C2D31K ma$ provide some #uidance. -ACD ma$ be inte#rated with electronic alarm s$stems. Dee (nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems.
1.14.3 %dentity cards

(dentit$ (,% cards allow for speed$ reco#nition of emplo$ees in a#enc$ facilities. A#encies are to use (, cards in Decurit$ Iones /hree to &iveG however' the$ should be used in all facilities. A#encies should issue (, cards to all people who have re#ular access to their facilities' subMect to meetin# an$ personnel securit$ re?uirements. A#encies are to verif$ the identit$ of all people who are issued with identit$ cards usin# the The gold standard enrolment frame3ork. (, cards should be! worn b$ emplo$ees and clearl$ displa$ed at all times in a#enc$ premises uni?uel$ identifiable' and audited re#ularl$ in accordance with the a#enc$@s ris9 assessment.
A#encies should discoura#e emplo$ees from wearin# (, cards outside a#enc$ premises. (, cards should include a return address for lost cardsG it should not identif$ the facilit$ to which the card #ives access. A#encies ma$ include other information on (, cards to improve control of access' such as names' photo#raphs and colours. -ACD access cards can be used as (, cards. A#encies are to secure all! card ma9in# e?uipment' and spare' blan9 or returned cards
within a Ione /wo or hi#her area.
30
1.1A Intero)era*ility of alarm system and other *uilding management systems

DC-C /$pe 1 DAD ma$ be inte#rated with -ACD and other buildin# mana#ement s$stems in accordance with the principles outlined in the DC-C Type ! Alarm system integration specification available to ADAs from AD(82/4. As the level of interoperabilit$ between DAD and an$ e>ternal inte#rated s$stem -(D%Ffor e>ample' buildin# mana#ement s$stems' CC/V' -ACDFincreases' the susceptibilit$ of the DAD to unauthorised access and tamperin# also increases. (n all instances' where an a#enc$ DAD has interoperabilit$ with other separate buildin# s$stems' those other s$stems is not to be able to disable the DAD while it is operatin#. Dome commercial DAD suitable for Ione /wo applications ma$ include full$ inte#rated -ACD as a sin#le s$stem. ,esi#ners of -(D or sub2s$stems should be aware of the need to secure -(D to prevent unauthorised access or manipulation' especiall$ when interconnected with an DAD. -(D should be desi#ned with appropriate lo#ical and ph$sical controls.
1.1B 1isitor control

Visitor control is normall$ an administrative processG however' this can be au#mented b$ use of -ACD. Visitors can be issued with -ACD access cards specificall$ enabled for the areas the$ ma$ access. (n more advanced -ACD it is possible to re?uire validation at all -ACD access points from the escortin# officer. 0e#ardless of the entr$ control method used' people should onl$ be #iven unescorted entr$ if the$! are able to show a suitable form of identification have a le#itimate need for unescorted entr$ to the area' and have the appropriate securit$ clearanceG see the Australian Government personnel security protocol.
A#encies should consider an$one who is not an emplo$ee in a facilit$ or area' or has otherwise been #ranted normal access to the facilit$ or area' as a visitor. /his ma$ include emplo$ees from other areas of the a#enc$. A#encies are to issue visitors accessin# Iones /hree to &ive areas with visitor passes. A#encies should also issue visitors to Ione /wo with visitor passes when other controls to limit access are not in place. .asses are to be! worn at all times collected at the end of the visit disabled on return if the passes #ive access to an$ a#enc$ access control s$stems' and chec9ed at the end of the da$ and' where the passes are reusable' action ta9en to disable and recover an$ not returned.
31
A#encies are to record details of all visitors to Ione /hree to &ive areas. A#encies should also record visitor access to Ione /wo areas if other control measures are not in place. An a#enc$ emplo$ee or authorised person should escort visitors. A#encies ma$' based on their ris9 assessment' record visitor details at the! facilit$ reception areas' or entr$ to individual securit$ Pones.
1.1B.1 'isitor registers

A#encies should use visitor re#isters si#ned b$ each visitor and the a#enc$ emplo$ee authorisin# the visit. /he re#ister ma$ include! the name of the visitor the visitor@s a#enc$ or firm or' in the case of private individuals' their private address the name of the emplo$ee to be visited the times of the visitor@s arrival and departure' and the reason for visit.
/he visitor re#ister would normall$ be located at the facilit$ reception des9 unless the des9 is unmanned' in which case it should be held b$ a desi#nated emplo$ee within the facilit$. Hhere a#encies mana#e the control of access to specific areas at the entr$ to the area then those areas should have their own visitor re#isters.
1.1B.2 (emoval of persons from agency premises

A#encies are to have documented procedures for dealin# with members of the public behavin# unacceptabl$ on a#enc$ premises or who are present in a restricted area. -mplo$ees are to be informed of these procedures. .olice officers have certain powers to respond to these situations. (n addition' under section 12 2% c% of the Pu2lic )rder 8Protection of Persons and Property: Act !;<!' a person authorised in writin# b$ a 6inister or the public authorit$ under the Commonwealth occup$in# the premises ma$ also be able to e>ercise certain powers. Dection NK of the *rimes Act !;!4 also allows for the appointment of Authorised Commonwealth 8fficers b$ a 6inister. (f a member of the public behaves in an unacceptable manner the a#enc$ head' person authorised or an Authorised Commonwealth 8fficer should ta9e the followin# steps when the$ consider it necessar$ for the person to leave the premises! advise the person that the officer is a person authorised under the Pu2lic )rder 8Protection of Persons and Property: Act !;<!0 or an Authorised Commonwealth 8fficer under the *rimes Act !;!4 initiall$ see9 the person@s cooperation to cease the behaviour and"or to leave the premises as9 the person to stop the behaviour and warn them the$ could be re?uired to leave the premises immediatel$
32
if the person does not stop the unacceptable behaviour' advise them that due to their behaviour the a#enc$ head' person authorised or an Authorised Commonwealth 8fficer is withdrawin# permission for them to be on the premises re?uest the person to leave the premises immediatel$' and warn the person that the police will be called if the$ remain' and of the possible le#al conse?uences of non2compliance with the re?uest to leave.
(n most cases the person will a#ree to leave. (f the a#enc$ head' authorised person or an Authorised Commonwealth 8fficer assesses it is safe to do so the person should be accompanied until the$ have left. =owever' if the$ refuse to leave' the a#enc$ should contact the police immediatel$. )o emplo$ee or #uard is to attempt to ph$sicall$ remove a person from a#enc$ premises' unless permitted to do so under le#islation. /his would normall$ be left to a police officer. /he police contact telephone number should be available to all emplo$ees.
1.1B.3 Access !y the media

A#enc$ emplo$ees considerin# #ivin# access to media representatives should consult the ADA before #rantin# access to a#enc$ premises. (n addition to the a#enc$ standard visitor control procedures' the followin# procedures should be followed! a desi#nated emplo$ee should accompan$ media representatives throu#hout the visit securit$ classified information is loc9ed awa$ preferable% or at least protected from view additional restrictions are considered when appropriate' such as handin# in mobile phones and other recordin# and communications e?uipment' and the a#enc$ media liaison unit or public affairs area is consulted about the arran#ements.
/he a#enc$ ma$ consider additional controls to be necessar$ for particular sites. (f an a#enc$ #rants permission for a visit to areas where securit$ classified information is bein# used or handled' the emplo$ee responsible for the media representatives is to remind them that no photo#raphs or recordin#s of an$ t$pe can be ta9en at an$ time durin# the visit e>cept with specific a#enc$ approval.
1.1J Rece)tionists and guards

A#encies that have re#ular public or client contact should have receptionists or #uards to #reet' assist and direct visitors. 7uards provide deterrence a#ainst loss of information and ph$sical assets and can provide a rapid response to securit$ incidents. 7uards ma$ either be directl$ emplo$ed b$ an a#enc$' or be emplo$ed throu#h a commercial #uardin# compan$. A#encies are to ensure that contracted #uards are licenced in the Murisdictions the$ are emplo$ed. Dee Anne> C! Dummar$ of Murisdictional #uard licencin# le#islation. A#encies are to provide receptionists and #uards with detailed visitor control instructions.
33
/he$ should be able to easil$ loc9 all access to the reception area and"or non2public areas of the buildin# in an emer#enc$. /he$ ma$ onl$ perform other duties' such as CC/V and alarm monitorin#' if it does not interfere with their primar$ tas9 of controllin# buildin# access throu#h the reception area. (f performin# other duties the$ are to be suitabl$ trained and competent. 0eceptionists and #uards are to have a method of callin# for immediate assistance if threatened Ffor instance' a duress alarm' radioFas the$ are most at ris9 from dis#runtled members of the public. A#encies are to identif$ an$ securit$ concerns for receptionists and #uards and people usin# a#enc$ reception areas in their securit$ ris9 assessment and miti#ate these concerns. &or further information on safe reception area desi#n see ComcareFVirtual 8fficeF0eception.
1.1J.1 )ut*of*hours guarding

7uards and patrols ma$ be used separatel$ or in conMunction with other securit$ measures. /he re?uirement for #uards' their duties and the need for' and fre?uenc$ of' patrols should be based on the level of threat and an$ other securit$ s$stems or e?uipment that are alread$ in place. A#encies ma$ use out2of2hours #uardin# or patrols instead of alarm s$stems in Iones /wo to /hree. /hese #uards ma$ be permanentl$ on site or visit facilities as part of re#ular mobile patrollin# arran#ements. A#encies are not to use #uards instead of a DC-C2approved /$pe 1 DAD in Iones &our and &ive. =owever' #uard patrols ma$ be used as an e>tra measure. 7uard patrols used instead of an alarm s$stem are to chec9 all securit$ cabinets and access points as part of their patrols. 7uard patrols are to be performed at random intervals! for Ione /hreeFwithin ever$ four hours' and for other areas based on an a#enc$@s ris9 assessment.
7uards should hold securit$ clearances at the hi#hest level of information to which the$ ma$ reasonabl$ be e>pected to have incidental contact. Dee the Australian Government protective security governance guidelinesSecurity of outsourced functions to be released shortl$% for details of securit$ elements to be included in contracts. :ut;of;hours guard res)onse A#encies ma$ use out2of2hours #uard services in response to alarms in all Iones. /he response time should be within the dela$ period #iven b$ the ph$sical securit$ controls. /he hi#hest level of assurance is #iven b$ 24"J on2site #uards who can respond immediatel$ to an$ alarms.
1.1N /ocks and door hard6are

1.1N.1 Loc+s
*oc9s can deter or dela$ unauthorised access to information and ph$sical assets. A#encies are to!
34
secure all access points to their premises includin# doors and operable windows' usin# commercial #rade or DC-C2approved loc9s and hardwareG these loc9s ma$ be electronic' combination or 9e$ed #ive combinations' 9e$s and electronic to9ens the same level of protection as the most valuable information or ph$sical asset contained b$ the loc9' and use DC-C2approved loc9s and hardware in Iones &our and &ive' see the DC-C Security E1uipment *atalogue.
A#encies ma$ use suitable commercial loc9in# s$stems in other areas. *oc9s are onl$ as stron# as the fittin#s and hardware surroundin# them. A#encies should also assess the level of protection needed from ,oors and frames when selectin# loc9s. Hhen usin# DC-C2approved loc9s a#encies should use DC-C2endorsed loc9smiths. 0elated Australian Dtandards! AD 414A.2!200N 9ocksets and hard3are for doors and 3indo3s%echanical locksets for doors and 3indo3s in 2uildings.
1.1N.2 ,eying systems

Qe$in# s$stems are desi#ned to provide a level of assurance to the administrator that! unauthorised duplicate 9e$s have not been made' and provide miti#ation to common 9e$in# s$stem compromises.
/he$ do this b$ usin# various controls such as! le#al controls' for e>ample re#istered desi#ns' patents levels of difficult$ in obtainin# or manufacturin# 9e$ blan9s and the machiner$ used to cut duplicate 9e$s' and levels of protection a#ainst compromise techni?ues' for e>ample pic9in#' impressionin#' decodin#.
Hhen selectin# a 9e$in# s$stem a#encies should evaluate! the level of protection provided a#ainst common forms of compromise the len#th of le#al protection offered b$ the manufacturer supplier protection of a#enc$ 9e$in# data within supplier facilit$ the transferabilit$ of the s$stem and an$ associated costs' and commissionin# and on#oin# maintenance costs.
A#encies are to use DC-C2approved 9e$in# s$stems in Iones /hree to &ive. Dee the DC-C Security E1uipment *atalogue. A#encies ma$ use DC-C2approved 9e$in# s$stems in other areas based on their ris9 assessment. Hhen usin# DC-C2approved 9e$in# s$stems a#encies should use DC-C2endorsed loc9smiths. (n Ione /wo a#encies are to use commercial restricted 9e$in# s$stemsFthat is' 9e$s that are not able to be readil$ copiedFor combination loc9s. A#encies should also use restricted 9e$in# s$stems in lower level applications where there is a ris9 of theft.
3A
A#encies should use mastered 9e$ s$stems with sufficient levels so that separate area master 9e$s control an$ loc9s within -ACD and"or alarm s$stem control points. &i#ure 3 outlines an indicative master 9e$in# tree. :efore selectin# a ?ualified loc9smith to provide a 9e$in# s$stem' a#encies should consider whether the 9e$in# s$stem is proprietar$ to the installin# loc9smith' or will incur a cost if transferred to another loc9smith.
3B
7igure 3' Indicati#e master keying tree 7rand master 9e$ Area master 9e$ *oc9 *oc9 9e$ ,ey control 9e$ 1.1N.3 *oc9 9e$ *oc9 9e$ *oc9 9e$ Area master 9e$ *oc9 9e$ *oc9 9e$ *oc9 9e$
A#encies should maintain a re#ister of all 9e$s held and issued. Qe$ re#isters should be appropriatel$ secured and onl$ available to authorised emplo$ees. 0e#isters should include! 9e$ number name' position and location of person holdin# the 9e$ date and time issued' and date and time returned or reported lost.
A#encies are to limit the number of' and strictl$ control' all master 9e$s as the loss of a master 9e$ ma$ re?uire the re29e$in# of all loc9s under that master. ADAs should control the issuin# of all #rand master 9e$s as the$ ma$ #ive access to all areas of a facilit$. A#encies should audit 9e$ re#isters to confirm the location of all 9e$s re#ularl$ in accordance with the a#enc$@s ris9 assessment. A#encies@ decisions to allow the removal of 9e$s from their facilities are to be based on their ris9 assessment as this si#nificantl$ increases the ris9 of loss. Hhere a#encies allow 9e$s to be ta9en out of their facilities! mana#ers should approve the removal' and a#encies should increase the fre?uenc$ of 9e$ audits.
A#encies should provide all emplo$ees with trainin# on their 9e$ mana#ement polic$. >ey ca*inets A#encies should locate 9e$ cabinets within a facilit$@s secure perimeter and where possible within the perimeter of the Ione where the loc9s are located. Qe$ cabinets ma$ be manual or electronic. Commercial #rade 9e$ cabinets provide ver$ little protection from forced or covert access. DC-C2approved Class : 9e$ cabinets provide the same level of protection as other DC-C2 approved Class : cabinets. -lectronic 9e$ cabinets ma$ have automatic audit capacit$ and replace the need to maintain a 9e$ re#ister. /he$ ma$ be able to be inte#rated into the -ACD. =owever' there are currentl$ no electronic 9e$ containers suitable for hi#h securit$ applications unless used in conMunction with other control measures such as locatin# the 9e$ container within a securit$ room or area covered b$ a securit$ alarm.
3J
1.1N.4 Com!ination settings

Combination settin#s need to be memorised and a#encies are to 9eep onl$ one written record of each settin# for use in an emer#enc$. /he record is to be held in an appropriatel$ sealed envelope' classified with the hi#hest securit$ classification of the material held in the container' and stored appropriatel$. Copies of combinations would normall$ be 9ept b$ the ADA. A#encies are to be chan#e combination settin#s! when a container is first received b$ the a#enc$ after servicin# the loc9 after a chan#e of custodian or other person 9nowin# the combination when there is reason to believe the settin# has been' or ma$ have been' compromised in an$ case' not less fre?uentl$ than ever$ si> months' or when the container is disposed of b$ resettin# the loc9 to the manufacturer@s settin#.
-mplo$ees are to immediatel$ report the compromise or suspected compromise of a combination settin# to the ADA. A#encies should loc9 and service combination loc9s in accordance with the loc9 manufacturer@s instructions.
1.1N.A Doors
A#encies should select doors that provide a similar level of protection to the loc9s and hardware fitted. /here is si#nificant variation in commercial office door t$pes. /hese include' but are not limited to! solid core timber metal framed insert panel metal clad solid core or hollow core #lass swin# openin# rotatin# #lass' and #lass slidin#' sin#le and double.
Dolid core wooden or metal clad doors ma$ also have #lass or #rill insert panels. /he panels and fi>in#s are to provide the same level of protection as the door. ,oor t$pes and thic9nesses for Iones /hree to &ive are specified in the AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms Automatic slidin# #lass doors normall$ operate throu#h an electric motor and #uide fitted to the top of the door. Dome automatic slidin# #lass doors' particularl$ when unframed' ma$ be levered open either at the centre Moint for double slidin# doors or sides for double and sin#le slidin# doors. /his can ma9e them difficult to secure without fittin# drop bolts' lower #uides' and"or door Mambs.
3N
,omestic hollow core doorsFused for most internal domestic doorsFand domestic slidin# #lass doors provide ne#li#ible dela$ as the$ are easil$ forced. =owever' if fitted with appropriate loc9s the$ will provide a de#ree of intruder evidence when bro9en. Hhen selectin# securit$ doors' a#encies need to incorporate an$ re?uirements of the :uildin# Code of Australia and an$ disabilit$ access re?uirements. 0elated Dtandards! :D -)11A4!1KKJ 'uilding hard3are 5 *ontrolled door closing devices $e1uirements and test methods AD 414A.A 'uilding hard3are*ontrolled door closing devicesPart =+ $e1uirements and test methods ?soon to *e released@.
1.1K CC01 co#erage

A#encies can use closed circuit television CC/V% as a visual deterrent to unauthorised access' theft or violence and as an auditable access record. A#encies should see9 specialist advice in the desi#n of CC/V mana#ement s$stems. A#encies should consider the costs of CC/V s$stems as the$ can represent a si#nificant capital cost. (n addition' the on#oin# monitorin#' maintenance and support costs ma$ be hi#h. A#encies can use CC/V to cover and #ive a visual record of! site access points' includin# internal access to hi#her securit$ Pones full site perimeter covera#e' or access to specific ph$sical assets or wor9 areas.
A#encies are to compl$ with all relevant Murisdictional le#islation as well as Commonwealth le#islation #overnin# CC/V usa#e. Dee Anne> ,! *e#islation coverin# CC/V installation and usa#e. CC/V monitorin# ma$ be event2activated and used in conMunction with a securit$ alarm s$stem to help those responsible for respondin# to the alarm. 8r it ma$ be used in conMunction with an access control s$stem to aid personal identification for remote entr$ control. 6otion detectors' left item lac9 of motion detectors%' etc. can also be incorporated into CC/V monitorin# s$stems. Considerations on the use of CC/V include! how its use fits into the conte>t of the overall securit$ plan of the site the t$pe of incident anticipated and in what wa$ it will be e>pected to help the response to these incidents the need to advise staff and clients that it is in use on the premises' and the functional re?uirement.
A#encies should see9 specialist advice before desi#nin# and installin# a CC/V s$stem to ensure the proposed s$stem meets a#enc$ needs. (f it is e>pected that CC/V ima#es ma$ be used in court' the ?ualit$ of ima#es or data should be suitable for use as evidence in criminal proceedin#s.
3K
/he computers used to store ima#es ma$ re?uire si#nificant memor$ space to preserve ima#es at the ?ualit$ re?uired b$ the a#enc$. ->cessive compression ma$ lower the ?ualit$ to the point where the ima#es are no lon#er usable. A#encies should also consider the period that ima#es need to be retained when desi#nin# their s$stem. &or further information see the Council of Australian 7overnments publication0 A national approach to closed circuit television-ational code of practice for **T7 systems for the mass passenger transport sector for counter5terrorism. 0elated Australian Dtandards! AD 4N0B Det!200N CC/V Det!
AD 4N0B.1!200B *losed circuit television 8**T7:%anagement AD 4N0B.2!200B *losed circuit television 8**T7:Application guidelines AD 4N0B.3!200B *losed circuit television 8**T7:PA9 signal timings AD 4N0B.4!200N *losed circuit television 8**T7:$emote video.
1.20 Security lighting

A#encies should consider' at the desi#n sta#e' what the li#htin# is intended to achieve' for e>ample deter unauthorised entr$' assist #uards conductin# patrols' illuminate areas with CC/V covera#e and provide emplo$ees with safet$ li#htin# in car par9s. *i#htin#' both internal and e>ternal' can ma9e an important contribution to ph$sical securit$. Decurit$ li#htin# can also provide deterrence and help #uards to detect intruders. 6otion detection devices can also be set up so an$ detected movement will activate li#htin# and"or CC/V. A#encies should ensure that li#htin# meets the illumination re?uirements of an$ CC/V s$stems installed. /he (lluminatin# -n#ineerin# Dociet$ publication #ES5G5!5"> Guidelines on Security 9ighting for People0 Property and Pu2lic Spaces provides further advice on securit$ li#htin#.
1.21 Perimeter access control

A#encies with si#nificant threats or lar#er' multi2buildin#' facilities ma$ re?uire perimeter access controls to restrict access to their facilities' for e>ample ,efence establishments. /$pes of perimeter control include but are not limited to! fences and walls pedestrian barriers' and vehicular barriers.
40
1.21.1 -ences and .alls

&ences and walls can be used to define and secure the perimeter of a facilit$. A#encies should determine the need for perimeter fencin# durin# their initial securit$ ris9 assessment' before finalisin# the selection of a site. &ences ma$ be impractical for sites in the urban environment' particularl$ in central business districts. /he level of protection a fence will #ive depends on its hei#ht' construction' the material used' access control and an$ additional features used to increase its performance or effectiveness such as toppin#' li#htin# or connection to an ->ternal alarms or CC/V s$stem. A#encies that use fences and walls to prevent or deter unauthorised access are to develop supportin# procedures to monitor and maintain the fences and monitor the #rounds for unauthorised access. A#encies should ensure that access points are at least as stron# as an$ fence or wall used. /he DC-C Security E1uipment *atalogue contains fences and .(,D suitable for hi#h threat environments. 0elated :ritish and Australian Dtandards! :D1J22F12!200B Fences 5 Specification for steel palisade fences :D1J22L14!200B FencesSpecification for open mesh steel panel fences AD 1J2A!2003 *hain5link fa2ric security fencing and gates Chain lin9 fences provide minimal securit$ unless used in conMunction with other security measures such as P#(S: AD")ID 301B!2002 Electrical installationsElectric security fences.
1.21.2 Pedestrian !arriers

A#encies ma$ need to restrict pedestrian access throu#h fences or walls b$ installin# controlled entr$ and e>it points. /his ma$ include loc9ed #ates' #ates connected to -ACD or alarm s$stems' manned #uard stations and turnstiles. /he DC-C Security E1uipment *atalogue contains some pedestrian barriers suitable for hi#h threat environments.
1.21.3 'ehicle !arriers

A#encies should assess whether vehicle barriers are warranted at their premises. :ritish Dtandard .AD BK!200B Guidelines for the specification and installation of vehicle security 2arriers provides some advice on selectin# suitable fi>ed barriers. /he DC-C Security E1uipment *atalogue contains some movable barriers suitable for hi#h threat environments.
1.22 Security containers and ca*inets

Hhen selectin# securit$ containers and ca2inets0 agencies are to evaluate the insider threatF that is' the risk of theft0 damage or other compromise of ph$sical assets and informationFb$ people with le#itimate access to a#enc$ premises? as 3ell as e4ternal threat sources
41
Agencies should secure official information0 porta2le valua2le ph$sical assets and mone$ in suitabl$ assessed containers appropriate to the business impact of the compromise' loss of inte#rit$ or unavailabilit$ of the information and assets' and the identified ris9s. &actors that will affect the class of securit$ container or secure room re?uired include! the level of classification the value and attractiveness of the information or ph$sical assets to be stored the location of the information or ph$sical assets within a facilit$ the structure and location of the buildin# access control s$stems' and other ph$sical protection s$stemsFfor e>ample' loc9s and alarms.
A#encies are to store securit$ classified information separatel$ from other ph$sical assets. /his will! lower the li9elihood of compromise of information when ph$sical assets are stolen' and help investigators determine the reason for any incidents involving unauthorised access
Agencies should ensure valua2le ph$sical assets that contain official information' such as computers and other (C/ e?uipment' are protected from! compromise of the a##re#ation of information on the ph$sical asset' or loss of the ph$sical asset
whichever has the hi#her business impact level.
1.22.1 #CEC*approved security containers

DC-C2approved security containers are designed for storage of security classified information They are not suita2le for the storage of valua2le ph$sical assets. ,ue to their desi#n these containers provide a hi#h level of tamper evidence of covert attac9 and si#nificant dela$ from surreptitious attac9' but limited protection from forcible attac9. /here are three levels of DC-C2approved containers! Class AA,esi#ned to protect information that has an e>treme or catastrophic business impact level in hi#h ris9 situations. /hese containers are e>tremel$ heav$ and ma$ not be suitable for use in some buildin#s with limited floor loadin#s. Class BA,esi#ned to protect information that has an e>treme or catastrophic business impact level in low ris9 situations and information that has a hi#h or ver$ hi#h business impact level in hi#her ris9 situations. /hese containers are robust filin# cabinets or compactuses fitted with a combination loc9. /here are broadl$ two t$pes!
heav$ t$pes suitable for use where there are minimal other ph$sical controls' and li#hter models desi#ned for use in conMunction with other ph$sical securit$ measures. A#encies should consider the sitin# of Class : containers as the wei#ht ma$ be an issue' particularl$ in older buildin#s. Class CA,esi#ned to protect information that has up to an e>treme business impact level in low ris9 situations' and information that has a medium business impact level in hi#her ris9
42
situations. /hese containers are fitted with a DC-C2approved restricted 9e$ed loc9 and are of similar construction to the li#hter Class : containers. A#encies ma$' where their ris9 assessments indicate' use loc9able commercial containers for! information with a low to medium business impact and a DC-C2approved container is not re?uired' or hi#her level information within a DC-C2approved securit$ room.
1.22.2 Commercial safes and vaults

A#encies should store valuable ph$sical assets in commercial safes and vaults desi#ned to #ive a level of protection a#ainst forced entr$ commensurate with the business impact level of the assets. As commercial #rade securit$ safes and vaults can provide var$in# de#rees of protection' agencies should seek the advice of a 1ualified locksmith or manufacturer 3hen determining the criteria they need to apply 3hen selecting commercial safes and vaults Safes and vaults can 2e+ fire resistant 8either document or data: 2urglary resistant0 or a com2ination of 2oth
See Anne4 E+ Safe and vault types for more details on safe and vault types and functions /he Australian Dtandard AD")ID 3N0K!1KKN Safes and strongrooms provides advice on desi#n criteria for safes and stron#rooms used to protect valuable ph$sical assets. #t categorises safes and vaults as+ Basic+ suita2le for homes0 small 2usinesses0 offices0 etc Commercial/ suita2le for medium retail0 real estate agents0 etc Bedium security+ suita2le for large retail0 post offices0 etc <igh security+ suita2le for financial institutions0 clu2s0 etc +&tra high security 8vaults only:+ suita2le for high volume financial institutions0 etc
A#encies ma$ use safes and vaults from the followin# (nternational Dtandards that meet similar desi#n criteria as the Australian Dtandard! -) 144A0FSecure storage units $e1uirements0 classifications and methods of test for resistance to 2urglary Secure safe ca2inets +* BNJF'urglary5resistant safes.
/he followin# (nternational Dtandards provide advice on testin# for fire resistance in safes! +* J2FTests for fire resistance of records protection e1uipment J(D D 103JFStandard fire test QD7 4A00FFire resistant.
43
1.22.3 'ehicle safes

A#encies should consider fittin# vehicle safes to vehicles used b$ field staff when the$ are carr$in# valuable ph$sical assets or official information. /hese safes are of similar construction to low #rade commercial securit$ containers or DC-C Class C containers and are bolted to the floor of vehicles. /he$ #ive some protection a#ainst opportunist theft. Vehicle safes are onl$ of value when vehicles are fitted with other anti2theft controls such as alarms and immobilisers. /he$ should be fitted out of si#ht in the boot of sedans or the lu##a#e area of other vehicles.
1.23 Security rooms8 strongrooms and #aults

A#encies with lar#e ?uantities of official information or valuable ph$sical assets' where their compromise' loss of inte#rit$ or unavailabilit$ would have a business impact' ma$ use a securit$ room' stron#room or vault' instead of containers to protect the information or ph$sical assets. Dee Decurit$ containers and cabinets for #uidance on determinin# the t$pe of room re?uired. Decurit$ rooms are suitable for the stora#e of lar#e ?uantities of official information. /he AD(8 /echnical )otes Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ $ooms and Technical -ote & Physical Security of Secure Areas.S$! $ooms provide advice on construction of securit$ rooms. DC-C2approved demountable class A and : securit$ rooms are listed in the D-C. A#encies should see9 advice from a reputable manufacturer before installin# a commercial vault or stron# room for the protection of valuable ph$sical assets.
44
0a*le %' Selecting security containers or rooms to store official information A#encies are to use the followin# table when selectin# the minimum level of securit$ containers or securit$ rooms for storin# official information where the compromise' loss of inte#rit$ or unavailabilit$ of the information has a business impact level. A#encies are to assess the business impact of the compromise' loss of inte#rit$ or unavailabilit$ the a##re#ation of information before determinin# the level of container re?uired. A limited holdin# of information is an amount where compromise' loss of inte#rit$ or unavailabilit$ does not increase the business impact level.
!one :ne +nclassified official information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a low business impact A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a medium business impact level. 8r limited holdin#s of information with an &8+8 or Densitive1 ,*6 A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a hi#h business impact level. 8r limited holdin#s of .08/-C/-, information A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have a ver$ hi#h business impact level. 8r limited holdin#s of C8)&(,-)/(A* information ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended DC-C Class C !one 06o ,etermined b$ a#enc$ ris9 assessment !one 0hree ,etermined b$ a#enc$ ris9 assessment !one 7our ,etermined b$ a#enc$ ris9 assessment !one 7i#e ,etermined b$ a#enc$ ris9 assessment
,etermined b$ a#enc$ ris9 assessment' secured from unauthorised access DC-C Class C
,etermined b$ a#enc$ ris9 assessment
8n#oin# stora#e not recommended' if unavoidable DC-C Class C )ot permitted
,etermined b$ a#enc$ ris9 assessment' DC-C Class C recommended DC-C Class C
DC-C Class :
,etermined b$ a#enc$ ris9 assessment DC-C Class C is recommended
4A
!one :ne A##re#ated information the compromise' loss of inte#rit$ or unavailabilit$ of which would have an e>treme business impact level. 8r limited holdin#s of D-C0-/ information /8. D-C0-/ classified information information the compromise' loss of inte#rit$ or unavailabilit$ of which would have an catastrophic business impact level )otes! )ot permitted
!one 06o DC-C Class A
!one 0hree DC-C Class :
!one 7our DC-C Class C
!one 7i#e DC-C Class C
)ot permitted
)ot permitted
)ot normall$ permitted.2 (n e>ceptional circumstances DC-C Class A%
)ot normall$ permitted.2 (n e>ceptional circumstances DC-C Class :%
DC-C Class :
1. (nformation with a Densitive ,*6 will have specific handlin# re?uirements included as a footer or cover pa#e to the document. Hhere these handlin# re?uirements e>ceed the re?uirements of this table the hi#her is re?uired to be applied' Dee the #nformation security management guidelinesProtectively marking and handling sensitive and security classified information . 2. (n e>ceptional circumstances to meet an operational re?uirementFfor e>ample' where /8. D-C0-/ information cannot be returned to a Ione &ive area Fa#encies ma$ store /8. D-C0-/ information for a period not to e>ceed five da$s in a Ione /hree or &our area. ADAs should initiall$ see9 advice from AD(82/4 before implementin# arran#ements for the temporar$ stora#e of /8. D-C0-/ information outside a Ione &ive area.
4B
0a*le ,' Selecting safes or #aults to )rotect #alua*le )hysical assets A#encies should use the followin# table as a #uide to selectin# commercial safes and vaults for storin# valuable ph$sical assets where their compromise' loss of inte#rit$ or unavailabilit$ has a business impact level on the a#enc$. A#encies should use other controls that #ive the same level of intrusion resistance and dela$ for items that cannot be secured in safes or vaults' such as lar#e items. A#encies should consult with a suitabl$ ?ualified loc9smith or vault manufacturer to determine the appropriate safe or vault for their needs.
!one :ne .h$sical assets the loss of which would have a low business impact level .h$sical assets the loss of which would have a medium business impact level .h$sical assets the loss of which would have a hi#h business impact level .h$sical assets the loss of which would have a ver$ hi#h business impact level .h$sical assets the loss of which would have an e>treme business impact level .h$sical assets the loss of which would have a catastrophic business impact level ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault !one 06o ,etermined b$ a#enc$ ris9 assessment' loc9ed commercial container recommended ,etermined b$ a#enc$ ris9 assessment Commercial safe or vault !one 0hree ,etermined b$ a#enc$ ris9 assessment !one 7our ,etermined b$ a#enc$ ris9 assessment
,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault
,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment ,etermined b$ a#enc$ ris9 assessment' commercial safe or vault recommended Commercial safe or vault
AD 3N0K commercial safe or vault AD 3N0K hi#h securit$ safe or vault Dhould not be held unless unavoidable
Commercial safe or vault
AD 3N0K medium securit$ safe or vault Dhould not be held unless unavoidable
AD 3N0K commercial safe or vault AD 3N0K hi#h or ver$ hi#h securit$ safe or vault
AD 3N0K medium or hi#h securit$ safe or vault
4J
1.24 :ther controls

/here are a number of other control measures that a#encies can be use in specific situations. /he followin# are some indicative e>amples and a#encies should determine which controls best meets their re?uirements. 0a*le 2' Additional controls to address s)ecific risks /he followin# list provides e>amples of additional measures that ma$ be used to address specific threats. (t is not e>haustive.
Beasure (ndividual duress alarm S)ecific risks addressed .ersonal safet$ concerns for personnel in the field or unpatrolled public areas. 6a$ be of value for tele2wor9ers =idden"fi>ed duress alarm .ersonnel safet$ concerns for reception areas and meetin# rooms. 6a$ be of value for home based wor9ers Vehicle alarm ,eter vehicle theft or theft of information and ph$sical assets from vehicles .revent vehicle theft ,eter theft of information and ph$sical assets from vehicles .rovide additional protection to valuable ph$sical assets in premises. .rovide protection for ph$sical assets on displa$ .rotection of e>tremel$ sensitive information 0estrict access b$ a##ressive clients or members of the public. Allow re#ular meetin#s with clients or the public without accessin# securit$ areas .rovide a sin#le point of entr$ for all deliveries. Control mail2born threats from enterin# a facilit$ without screenin# /echnical surveillance counter 0educe vulnerabilit$ to' or detect' the unauthorised interception of and audio securit$ sensitive or securit$ classified information. 0educe vulnerabilit$ to electronic eavesdroppin# on sensitive conversations Conference securit$ ->tra measures ta9en for a conference where securit$ classified information is bein# discussed or handled.
Vehicle immobilisation Vehicle safe (ndividual item alarm"alarm circuit /wo person access s$stem &ront counters and interview or meetin# rooms
6ailrooms and deliver$ areas
4N
1.24.1 'ehicle immo!ilisation

A#encies should consider vehicle immobilisation to reduce the loss of vehicles to theft. Vehicle immobilisation can be broadl$ divided into two t$pes! automatic immobilisation of a vehicle when not in use and re?uires the 9e$ or electronic to9en to start the vehicle' or remote immobilisation' normall$ in conMunction with a remote trac9in# and alarm s$stem that can disable a vehicle while in use.
1.24.2 -ront counters and intervie. or meeting rooms

A#encies that have interaction with the public or clients who ma$ become a#itated are to install measures that miti#ate the ris9s to emplo$ee safet$. /his could include' but is not limited to' a specialised front counter that limits ph$sical access to emplo$ees' and interview"meetin# rooms that are monitored b$ #uards or fitted with duress alarms. A#encies with re#ular client or public interaction should consider establishin# interview or meetin# rooms accessible from their public areas. &or further advice see ComcareFVirtual officeFVisitor a##ression.
1.24.3 0ailrooms and delivery areas

6ailrooms and parcel deliver$ areas are areas of si#nificant ris9 to a#encies from improvised e>plosive devices' chemical' radiolo#ical and biolo#ical attac9s. A#encies are to assess the li9elihood of mail borne attac9 and' if warranted' appl$ suitable ph$sical miti#ationsFfor e>ample' mail screenin# devices' a standalone deliver$ area' usin# a commercial mail receivin# and sortin# service. A#encies are to have mail handlin# policies and procedures that are available to all staff. A#encies are to #ive mailroom staff detailed trainin# in the use of an$ mail handlin# procedures and"or screenin# e?uipment used in their a#enc$. A#encies should select mail and parcel screenin# and handlin# e?uipment that meets its needs and complies with Australian Dtandard =andboo9 =:32NL200K! %ailroom security.
1.24.4 Technical surveillance counter measures and audio security

/echnical surveillance counter measures /DC6% services are used to provide a hi#h level of assurance that sensitive a#enc$ information is free from unauthorised surveillance and access. /DC6 is mainl$ a detection function that see9s to locate and identif$ covert surveillance devices! before an event as part of a pro#rammed technical securit$ inspection or surve$' or as a result of a concern followin# a securit$ breachFfor e>ample' the unauthorised disclosure of a sensitive discussion.
A /DC6 surve$ also see9s to identif$ technical securit$ wea9nesses and vulnerabilities includin# the evaluation of ph$sical securit$ controls such as loc9s' alarms and -ACD.
4K
A#encies are to have /DC6 surve$s carried out for! areas where /8. D-C0-/ discussions are re#ularl$ held' or the compromise of other discussions ma$ have a catastrophic business impact' and before conferences and meetin#s where /8. D-C0-/ discussions are to be held.
A#encies should initiall$ see9 advice from AD(82/4 on the /DC6 measures re?uired. A#encies that need to hold classified or sensitive telephone conversations are re?uired to meet the lo#ical controls in the (D6.
1.24.A Conference security

/he aims of conference securit$ are to! prevent unauthorised people #ainin# access to official information or ph$sical assets protect the people attendin# the conference protect propert$ from dama#e' and ensure the proceedin#s are conducted without disruption.
A#encies should underta9e a securit$ ris9 assessment before holdin# a conference to identif$ and miti#ate an$ identified ris9s and' if warranted' develop a specific conference securit$ plan. Conference securit$ re?uirements are detailed in the Australian Government physical security management guidelinesEvent Security.
A0
Physical security elements in administrati#e security

A#encies use ph$sical securit$ e?uipment in administrative securit$ procedures. /hese can include' but are not limited to! a#enc$ personnel transportin# small ph$sical assets and information out of a#enc$ premises' or transferrin# hard cop$ information to other a#encies usin#!
securit$ briefcases sin#le use pouches reusable pouches and containers' and seals destruction of classified information' usin#' for e>ample' disinte#rators and shredders.
A#encies should refer to the DC-C Security E1uipment *atalogue when selectin# this ph$sical securit$ e?uipment.
1.2A 0rans)orting information and )hysical assets

1.2A.1 'alua!le physical assets
A#encies should see9 advice from their insurers when developin# procedures to transport valuable ph$sical assets. Hhile there is little ris9 from covert access most ph$sical assets are more at ris9 from theft durin# transport than when housed in an a#enc$ facilit$. Dome control measures ma$ include escorts or #uards' or use of secure transport specialists.
1.2A.2 Classified information

.h$sical securit$ e?uipment used to transport securit$ classified information provides some protection from opportunist access' but ver$ limited protection from covert access. A#encies should develop procedures that minimise the possibilit$ of unauthorised access durin# transport. /his could include ensurin# that classified information is 9ept under the control of an emplo$ee or b$ usin# a DC-C2approved overni#ht or safehand courier. &or further details on carria#e of information outside a#enc$ premises see Australian Government information security management guidelines%arking and handling sensitive and security classified information. Security *riefcase A#encies should use securit$ briefcases when carr$in# small amounts of securit$ classified information' or a##re#ations of information with a hi#h business impact level or above. -mplo$ees usin# securit$ briefcases should 9eep the briefcase in their possession at all times. Decurit$ briefcases are desi#ned to #ive limited protection a#ainst opportunist access and some evidence of tamperin#. /he$ are not a replacement for securit$ containers. /he$ do not protect
A1
a#ainst forced entr$. A s9illed person ma$ also covertl$ open a securit$ briefcase. Dee the DC-C Security E1uipment *atalogue. Single use )ouches A#encies ma$ use DC-C2approved sin#le use pouches in lieu of! paper envelopes and seals for inner envelopes' or outer envelopes in double envelopin#. 5afer seals /here are currentl$ no DC-C2approved wafer seals for use in transportin# classified information usin# double envelopin#. Reusa*le )ouches A#encies ma$ use reusable pouches instead of outer envelopes when double envelopin#.
1.2B .estruction e(ui)ment

,estruction e?uipment is used to destro$ securit$ classified information paper2based and (C/ media% so that the resultant waste particles cannot be re2constructed to enable the recover$ of information. /he main methods of destro$in# paper or (C/ media are! shreddin# pulverisin#' and disinte#ratin#.
.ulpin# ma$ used for paper2based information. A#encies are to destro$ securit$ classified information usin# DC-C2approved destruction e?uipment' unless usin# an AD(8 approved destruction service. /o ensure all paper2based information is destro$ed to the re?uired particle siPe for the business impact of the compromise of the information' a#encies should refer to the AD(8 .rotective Decurit$ Circulars .DCs%! .DC )o. A3 E4ternal (estruction of -ational Security *lassified %atter' and .DC )o. J3 *lassified @aste (estruction.
:oth documents are available to ADAs from AD(82/4. A#encies should refer to the DC-C D-C for further details on destruction e?uipment. /he ,efence Di#nals ,irectorate can advise on selection and use of destruction e?uipment for (C/ media. Dee the (D6F.roduct securit$ and media securit$.
1.2B.1 #hredders
A#encies ma$ use shredders to destro$ paper and (C/ mediaFfor e>ample' C,s' sin#le and dual la$er ,V,s.
A2
Pa)er shredders Commercial strip shredders are not suitable for the destruction of classified or sensitive waste. An$bod$ wishin# to access the information will have little difficult$ reconstructin# the pa#es from the resultant strips. Cross cut shredders produce smaller pieces that are harder to reconstruct. /he smaller the particle siPe the more secure the results. A#encies are to use the followin# shredders to destro$ paper2based securit$ classified information! Class A shredder! ma>imum particle siPe 1 mm > 20 mmFsuitable for all levels of business impact. Class B shredder! ma>imum particle siPe 2.3 mm > 2A mmFsuitable for business impact levels up to and includin# hi#h.
Hhere possible a#encies should use a commercial crosscut shredder for paper waste for official information where the compromise has a business impact level up to and includin# medium. Alternativel$ the$ ma$ use an AD(82approved destruction compan$ for all levels of classified information up to D-C0-/' or /8. D-C0-/ when directl$ supervised b$ an a#enc$ officer. &or further details on selectin# shredders see the DC-C Security E1uipment *atalogue. IC0 media shredders A#encies should refer to the D-C to select DC-C2approved media shredders to destro$ (C/ media. &urther details on procedures for the destruction of official information is in the Australian Government information security management guidelines%arking and handling sensitive and security classified information.
A3
Anne& A'
Physical security measures checklist
/he followin# self assessment tool has been developed to assist a#encies in determinin# the Decurit$ Ione desi#nation for their facilities or areas. &rom this a#encies can decide the t$pes of ph$sical assets and classification of information that can be handled in the facilit$. A#encies should modif$ this tool to meet their policies and a#enc$ construction #uidelines.
7acility=Area details
&acilit$"area name Address ,etails of current" proposed uses
Additional risks
A#encies are to consider an$ ris9s to their people' information and ph$sical assets within their wor9 spaces. Hhere possible a#encies are to reduce an$ residual ris9s to an acceptable level. Hhere that is not possible a#encies are to reduce the li9elihood of an$ threats eventuatin# to an acceptable level' b$ appl$in# additional controls. Dee -rror! 0eference source not found and /able J! Additional controls to address specific ris9s for some e>amples of threats and controls. )o . Dpecific ris9s Additional controls re?uired to meet the ris9s
A4
!one ratings assessment tool

(n addition to the controls re?uired for a#enc$ specific threats' a#encies are to appl$ some minimum controls to accredit their Iones. /he effectiveness of controls can be cate#orised as ne#li#ible to low' medium' hi#h and ver$ hi#h. /he followin# self assessment tool will assist a#encies in identif$in# e>istin# controls and their level of effectiveness to determine a Ione ratin#. A#encies should modif$ this tool to meet their policies and a#enc$ construction #uidelines.
4o. Control ty)e Binimum re(uired for !ones 1 'uilding construction elements )ormal construction to the Australian :uildin# CodeF/o6 ?/@ )ormal construction to the Australian :uildin# Code and! - slab2to2slab construction at all e#ress points' or - tamper evident ceilin#' or ,etermined b$ a#enc$ ris9 assessment 2 6Fout2of2hours*Fbusiness hours 3 = 4 = A V= +ffecti#enes s achie#ed !one achie#ed
- Construction to AD(8 Technical -ote & Physical Security of #ntruder $esistant Areas.S$/ roomsFBedium ?B@
Construction to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms or usin# elements tested to AD 3AAA.1L2003F<igh ?<@ Construction to AD(8 Technical -ote & Physical Security of Secure Areas.S$! $ooms and Dupplement to the /echnical )ote L Physical Security of T)P SE*$ET areas1ery high ?1<@
AA
4o.
Control ty)e
Binimum re(uired for !ones 1 ,etermined b$ a#enc$ ris9 assessment 2 ,etermined b$ a#enc$ ris9 assessment 6% 3 = 4 A
)ut of hours alarm system .art of access control s$stem or AD 2201 class 1 or 2F/ AD 2201 class 3L4FB AD 2201 class AF< DC-C /$pe 1F1< 8n site #uards ma$ be used in lieu of an alarm s$stem in Iones /wo and /hree%
V= V=
)ut of hours alarm response 8ut of hours response from offsite R 30 minutesFB 8ut of hours response from offsite S 30 minutesF< 24"J onsite #uards with immediate responseF1< ma$ be used in lieu of an alarm s$stem in Iones /wo and /hree%
+ffecti#enes s achie#ed
!one achie#ed
AB
4o.
Control ty)e
Binimum re(uired for !ones 1 2 (f an alarm is used 6% ,etermined b$ a#enc$ ris9 assessment *% 3 6 4 6 A =
Access control system Card onl$ re?uired for accessF/ Dectionalised access s$stemFB ,ual authenticationF<
#ntegration of alarm and access control systems &ull$ inte#rated with buildin# mana#ement s$stemsF/ Alarm s$stem cannot be disabled b$ access control s$stemFB *imited one wa$ information e>chan#e from access control s$stem and disables access control s$stem when activatedF< Alarm s$stem is a standalone s$stem and disables the access control s$stem when activatedF 1<
V=
!one achie#ed
AJ
4o.
Control ty)e
Binimum re(uired for !ones 1 ,etermined b$ a#enc$ ris9 assessment 2 6 3 = 4 A
7isitor control Visitor re#isterF/ Visitor re#ister and escorted visitors in sensitive part of facilit$F B Visitor re#ister and escorted visitors in whole of PoneF < Visitor re#ister and visitors e>cluded unless there is an identified needF 1<
V= V=
9ocks and hard3are Commercial #rade loc9s fitted to doorsF4egligi*le ?4@ Commercial #rade loc9s and hardware fitted to all access pointsF B DC-C2approved loc9s and hardware fitted to all access pointsF <
:uildin#s loc9ed out of hours
!one achie#ed
AN
4o.
Control ty)e
Binimum re(uired for !ones 1 2 6 3 = 4 = A =
Aeying systems Commercial 9e$in# s$stemF/ Commercial restricted 9e$in# s$stemFB DC-C approved 9e$in# s$stemF<
Security containers and ca2inets Dee /able A! Delectin# securit$ containers or rooms to store official information Safes and vaults Dee /able B! Delectin# safes or vaults to protect valuable ph$sical assets **T7 coverage -ntr$"e>it covera#eF/ &ull perimeter covera#eFB (nternal access point covera#eFB CC/V inte#rated with electronic mana#ement s$stemF< Security lighting (nternal office li#htin# onl$F4 *i#htin# of e>terior e#ress pointsF/ &ull perimeter li#htin#F<
,etermined b$ a#enc$ information holdin#s ,etermined b$ a#enc$ ph$sical asset holdin#s ,etermined b$ a#enc$ ris9 assessment
!one achie#ed
AK
4o.
Control ty)e
Binimum re(uired for !ones 1 2 3 4 A
Perimeter access control Vehicle control measuresF/ .edestrian control measuresF/ .erimeter fences at least 2.4 m hi#hF4 -lectronic monitorin# incorporated into fencesFB to < #ndividual alarms ,uress alarms with 24"J monitorin# and immediate responseF B (ndividual ph$sical asset alarm circuit with response R 30 minutesF / (ndividual ph$sical asset alarm circuit with response S 30 minutesF B
!one achie#ed
B0
Additional controls to address specific risks (nsert details Dee /able J! Additional controls to address specific ris9s for e>amples%
B1
!one accreditation
/o6est !one achie#ed in any control ty)e /his the ma>imum Pone ratin# achievable for the facilit$"area% Additional controls im)lemented to mitigate additional threats 4o. 1. 2. 3. 4. Ione ratin# depends on meetin# all re?uired certification. Dee /able 4! Dummar$ of certification re?uirements.% Assessin# officer@s name and position! Assessin# officer@s si#nature! ,ate! Additional certifications re(uired 4o. 1. 2. 3. 4. Certification re(uirement .ate certified Certifying officerCs name " " Control
Accreditin# officer@s name and position! Accreditin# officer@s si#nature! ,ate! " "
B2
Anne& B' Summary of e(ui)ment tested *y the Security Construction and +(ui)ment Committee and guidelines to assist agencies in selecting commercial e(ui)ment
/he Security E1uipment *atalogue D-C% is bein# pro#ressivel$ replaced b$ the Security e1uipment evaluated product list D--.*%. Dome ph$sical and administrative securit$ e?uipment that was previousl$ listed in the D-C will move to the D--.*. 8ther e?uipment' where commercial e?uipment is suitable' will no lon#er be listed. /o assist a#encies in selectin# commercial e?uipment the Decurit$ Construction and -?uipment Committee DC-C% is developin# the E1uipment selection guidelines. /he followin# table is a summar$ of the e?uipment that will be tested b$ DC-C and appear in the D--.* and #uidelines. /his list will be periodicall$ reviewed to meet the Australian 7overnment@s ph$sical securit$ needs.
S/1 Information and asset security Security detection systems /$pe 1 DAD :iometrics input devices and sub2s$stems Volumetric detection internal% Volumetric detection special purpose' e.#. (ntrinsicall$ safe devices% Dwitches balanced reed' etc.% -lectronic access control s$stems sensor elements' input devices etc.' e>cludin# complete s$stems -lectronic access control s$stems Qe$ switches L electrical Containers Container *oc9s Class A' : and C doors Class A' : and C modular rooms Class A' : and C containers Biscellaneous Qe$ cabinets base and intelli#ent cabinets% Dafes L protection of assets .oors Dtandalone access control devices 6ortice loc9s and stri9es 7uide to be developed 7uide to be developed DC-C DC-C DC-C DC-C 7uide to be developed 7uide to be developed DC-C DC-C )"A DC-C DC-C DC-C )"A 7uide to be developed 7uide to be developed DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C S/$ S/3 S/
7uide to be developed 7uide to be developed
7uide to be developed 7uide to be developed
B3
S/1 6a#netic loc9s -lectric stri9es -lectric mortice loc9s Peri)heral locking hard6are Qe$in# s$stems .adbolts .adloc9s chains and harps =in#e bolts Dtri9e shields and bloc9er plates Cable transfer hin#es ,oor closers .oors and access control )ortals .ortals ,oor operators ,oors Perimeter security ?facility )rotection@ Barriers Cable pits and plinths Active vehicle barriers &i>ed vehicle barriers &ences and #ates 5indo6s Hindow #rilles Hindow loc9s 7laPin# anti2shatter film Hindow #laPin# and frames Perimeter intrusion de#ices detection ?PI.S@ :arrier mounted .(,D 7round based .(,D Volumetric .(,D Video motion detection Administrati#e Deals Din#le use pouches Dhredders ,estructors 6ail securit$ DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C
S/$
S/3 DC-C DC-C DC-C DC-C DC-C DC-C DC-C
S/ DC-C DC-C DC-C DC-C DC-C DC-C DC-C
7uide to be developed 7uide to be developed 7uide to be developed DC-C
7uide to be developed Commercial ?ualit$ Commercial ?ualit$ Commercial ?ualit$ Commercial ?ualit$ 7uide to be developed Commercial ?ualit$ Commercial ?ualit$ )ot currentl$ evaluated
DC-C DC-C
DC-C DC-C
DC-C DC-C
DC-C DC-C
DC-C DC-C
7uide to be developed 7uide to be developed 7uide to be developed AD(8 /ech note )o 2% 7uide to be developed 7uide to be developed Currentl$ not evaluated DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C DC-C
7uide to be developed DC-C DC-C DC-C DC-C DC-C DC-C
7uide to be developed 7uide to be developed 7uide to be developed
B4
S/1 :riefcases
S/$
S/3
S/
7uide to be developed
BA
Anne& C' Summary of -urisdictional guard licencing legislation

Durisdiction Australian Capital /erritor$ Commonwealth Act Decurit$ (ndustr$ Act 2003 Aviation /ransport Decurit$ Act 2004 6aritime /ransport and 8ffshore &acilities Decurit$ Act 2003 Decurit$ (ndustr$ Act 1KKJ .rivate Decurit$ Act 1KKA Regulation Decurit$ (ndustr$ 0e#ulation 2003 6aritime /ransport and 8ffshore &acilities Decurit$ 0e#ulations 2003 Aviation /ransport Decurit$ 0e#ulations 200A Decurit$ (ndustr$ 0e#ulation 200J .rivate Decurit$ Crowd Controllers% 0e#ulations 200B .rivate Decurit$ 6iscellaneous% 0e#ulations 200B .rivate Decurit$ Decurit$ &irms% 0e#ulations 200B .rivate Decurit$ Decurit$ 8fficers% 0e#ulations 200B Decurit$ .roviders 0e#ulation 1KKA Decurit$ and (nvesti#ation A#ents 0e#ulations 1KKB Decurit$ and (nvesti#ations A#ents 0e#ulation 200A .rivate Decurit$ 0e#ulations 200A Decurit$ and 0elated Activities Control% 0e#ulations 1KKJ
)ew Douth Hales )orthern /erritor$
Oueensland Douth Australia /asmania Victoria Hestern Australia
Decurit$ .roviders Act 1KK3 Decurit$ and (nvesti#ation A#ents Act 1KKA Decurit$ and (nvesti#ations A#ents Act 2002 .rivate Decurit$ Act 2004 Decurit$ and 0elated Activities Control% Act 1KKB
BB
Anne& .' /egislation co#ering CC01 installation and usage

Rele#ant Common6ealth8 state and territory legislation and regulations Commonwealth and #eneral .rivac$ Act 1KNN .rivac$ Amendment Act 2000 .rivac$ Amendment Act 2004 .rivac$ .rivate Dector% 0e#ulations 2001 AC/ *istenin# ,evices Act 1KK2 Decurit$ (ndustr$ Act 2003 AC/% Decurit$ (ndustr$ 0e#ulation 2003 AC/% AC/ 8=TD le#islation and re#ulations )DH .rivac$ and .ersonal (nformation .rotection Act 1KKN .rivac$ and .ersonal (nformation .rotection 0e#ulation 200A .rivac$ Code of .ractice 7eneral% 2003 Decurit$ (ndustr$ Act 1KKJ )DH% Decurit$ (ndustr$ Amendment Act 200A Decurit$ (ndustr$ Amendment Act 200N Decurit$ (ndustr$ 0e#ulation 200J )DH% Hor9place Durveillance Act 200A Hor9place Durveillance 0e#ulation 200A )DH 8=TD le#islation and re#ulations )/ Durveillance ,evices Act 200J Durveillance ,evices 0e#ulations )/% .rivate Decurit$ Act )/% .rivate Decurit$ 0e#ulations )/% )/ 8=TD le#islation and re#ulations O*, (nvasion of .rivac$ Act 1KJ1 Decurit$ .roviders Act 1KK3 O*,% Decurit$ .roviders 0e#ulation 200N O*, 8=TD le#islation and re#ulations DA *istenin# and Durveillance ,evices Act 1KJ2 *istenin# and Durveillance ,evices 0e#ulations 2003 Decurit$ and (nvesti#ation A#ents Act 1KKA DA% Decurit$ and (nvesti#ation A#ents 0e#ulations 1KKB DA% DA 8=TD le#islation and re#ulations /AD *istenin# ,evices Act 1KK1 *istenin# ,evices 0e#ulations 2004 Decurit$ and (nvesti#ations A#ents Act 2002 /as% Decurit$ and (nvesti#ations A#ents 0e#ulations 200A /as%
BJ
Rele#ant Common6ealth8 state and territory legislation and regulations
/AD 8=TD le#islation and re#ulations V(C Durveillance ,evices Act 1KKK Durveillance ,evices 0e#ulations 200B .rivate Decurit$ Act 2004 V(C% .rivate Decurit$ 0e#ulations 200A V(C% V(C 8=TD le#islation and re#ulations HA Durveillance ,evices Act 1KKN Durveillance ,evices 0e#ulations 1KKK Decurit$ and 0elated Activities Control% Act 1KKB HA% Decurit$ and 0elated Activities Control% 0e#ulations 1KKJ HA% HA 8=TD le#islation and re#ulations -lectrical safet$ Acts and 0e#ulations applicable in the relevant state or territor$ also need to be considered
BN
Anne& +/
:ur#lar$ resistant
#afe and vault types
Dafes and vaults are #enerall$ split up into three distinct cate#ories. /hese are!
&ire resistant documents% 6edia data% safes
=$brid safes that cross between fire resistant and bur#lar$ resistant provide a level of dela$ from fire and theft. /he maMorit$ of safes will fall into one of the above cate#ories' with little cross over to other cate#ories. A bur#lar$ resistant safe should not be used to protect documents or media from fire' Must as fire safes should not be used to protect cash.
Burglary resistant safes

:ur#lar$ resistant safes are primaril$ desi#ned to protect valuables from ph$sical attac9. /he$ are #enerall$ of solid construction' with thic9 walls desi#ned to resist various ph$sical attac9 methods. /he materials used to manufacture them are usuall$ #ood conductors of heat' so the$ #enerall$ offer minimal fire resistance.
7ire resistant safes

&ire resistant safes are desi#ned to protect paper documents e>cludin# photo#raphs% from fire. /he$ are usuall$ constructed with thin metal walls sandwiched around a soft fillin# which offers insulation from heat' and emit moisture into the safe at hi#h temperature' thus increasin# the combustion temperature of paper to about 1J0UC%. &ire resistant safes are usuall$ tested a#ainst a standard' which specifies the e>ternal temperature' time the safe is subMected to the temperature' ma>imum internal temperature that can be reached' and percenta#e of documents inside the safe that are allowed to be destro$ed. Dome Dtandards conduct additional tests such as drop testin# the safe midwa$ throu#h the fire test to simulate a floor collapsin#. /he thin metal walls are used to reduce the heat retained b$ the safe after the heat source is removedG this will lower the level of ph$sical protection offered. /hic9er walls would #enerall$ increase the heat retained b$ the safe' and thus increase the time ta9en to cool down.
Bedia safes
BK
6edia safes or data safes% are desi#ned to protect photo#raphs' hard drives' optical media and other media t$pes from fire. /he$ are #enerall$ an e>tension of a fire safe' in that the$ offer the same amount of fire resistance with e>tra conditions. /he ma>imum internal temperature that can be reached is much lower around A0UC% and the humidit$ must remain low. /his is because moisture and heat corrupt or destro$ data carriers. /he achievement of the low heat' low humidit$ safe is usuall$ achieved b$ insertin# a special bo> inside an e>istin# fire safe' or b$ buildin# it in. A water resistant seal ensures that water used to e>tin#uish the fire does not affect the contents. &ire resistant and or data safes that are measured a#ainst Dtandards #enerall$ offer little protection from ph$sical attac9.
<y*rid safes ?*urglary and fire resistant@

=$brid safes are #enerall$ manufacturer rated and will offer a level of dela$ from fire or theft. /hese are usuall$ achieved b$ fittin# a bur#lar$ resistant safe with seals around all openin#s that e>pand with heat. As the safe is still primaril$ desi#ned to resist bur#lar$ with thic9er walls% the fire resistance is lower than that of a rated fire or media safe.
1aults
Vaults or stron#rooms are rooms that are desi#ned to provide the same dela$ for the door and walls. /hese are used where a hi#h stora#e capacit$ is re?uired. 6anufacturers offer either modular or base buildin# construction dependin# on the re?uirements. /he$ are normall$ desi#ned and manufactured b$ safe manufacturers.
Cash ratings
(n Australia most manufacturers rel$ upon insurable ratin#s that are accepted b$ insurance companies if there is a loss. (nsurable ratin#s are normall$ stated as supported or unsupported' su##estin# whether or not an alarm s$stem is providin# ade?uate protection of the safe or vault. /he supported insurable ratin# ma$ increase the insurable ratin# each insurer provides for their minimum level before acceptin# a ris9. /hese insurable ratin#s are a #ood indication of the securit$ offered b$ the safeG the hi#her the value the hi#her the securit$. /he insurable ratin# of the safe should reflect the value of the contents bein# held. 6ost Australian manufacturers will use insurable ratin#s in lieu of a reco#nised Dtandard.
J0

Security Zones and Risk Mitigation Control Measures

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Security Zones and Risk Mitigation Control Measures

Enviado por

Direitos autorais:

Formatos disponíveis

Physical security management guidelines

Security zones and risk mitigation control measures

Approved 21 June 2011 Version 1.4

ris9 miti#ation and assurance measures...............................................................................3

1.3.1 Use of specific terms in these guidelines

Relationshi) to other documents

Structure of these guidelines

Risk mitigation and assurance measures

0he risk management )rocess

7igure 1' Risk mitigation com)onent of the risk assessment )rocess

(dentif$ e>istin# miti#ation controls

,etermine the li9elihood of compromise' loss of inte#rit$ or unavailabilit$ of the assets

,etermine the current level of ris9 (f ris9s are not acceptable

(dentif$ additional controls needed to lower the ris9

,etermine residual ris9s

1.J.1 Additional requirements to meet specific threats

Assurance re(uired for information and )hysical asset sharing

=i#h Ver$ hi#h ->treme Catastrophic

1.N.1 Assurance for security classified physical assets

whichever is the hi#her.

Site security )lans

1.K.1 Critical path

1.K.2 Crime prevention through environmental design (CPTED)

!one ty)e Ione /wo

!one ty)e Ione &our

=i#hest securit$ areas in a#enc$ premises. Australian (ntelli#ence Communit$ facilities.

1.K.3 Layering of ones

7igure 3' Indicati#e layering of !ones

8ut of hours Alarm s$stems1' 2

,etermined b$ an a#enc$@s ris9 assessment

DC-C /$pe 1 usin# DC-C approved detection devices%

DC-C /$pe 1 usin# DC-C approved detection devices%

8ut of hours alarm response2

,etermined b$ an a#enc$@s ris9 assessment

Commercial loc9in# s$stem

DC-C approved loc9in# s$stem

DC-C approved loc9in# s$stem

(nteroperabilit$ of alarm s$stem and other buildin# mana#ement s$stems3

,etermined b$ an a#enc$@s ris9 assessment

-scorted visitors in whole of Pone

Visitors e>cluded unless there is an identified need

Visitors e>cluded unless there is an identified need

Dtora#e of official information Dtora#e of valuable ph$sical assets

Control com)onents .erimeter access control (ndividual alarm options

1.K.A Accreditation of ones

0a*le ' Summary of certification re(uirements

Duitabl$ ?ualified s$stem installer"desi#ner ADA )"A

Duitabl$ ?ualified s$stem installer"desi#ner ADA AD(82/4

4. Dee /able J! Additional controls to address specific ris9s.

Indi#idual control elements

1.10 Use of SC+C;a))ro#ed )roducts

1.11 Building construction

/hese #uides are onl$ available to ADAs from AD(82/4.

1.12 Alarm systems

1.12.1 E"ternal alarms

1.12.2 #CEC Type $ #A#

1.12.3 Commercial alarm systems

1.13 Indi#idual alarm o)tions

1.13.1 Duress alarms

1.13.2 %ndividual item alarm&alarm circuit

radio fre?uenc$ identification 0&(,% ta# s$stems.

1.13.3 'ehicle alarm

1.14 Access control systems

1.14.1 Dual authentication

1.1A Intero)eraility of alarm system and other uilding management systems

1.1J.1 )utofhours guarding