NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-3(4)Lockable Casings

Use lockable physical casings to protect {{ insert: param, pe-03.04_odp }} from unauthorized physical access.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The greatest risk from the use of portable devices—such as smart phones, tablets, and notebook computers—is theft. Organizations can employ lockable, physical casings to reduce or eliminate the risk of equipment theft. Such casings come in a variety of sizes, from units that protect a single notebook computer to full cabinets that can protect multiple servers, computers, and peripherals. Lockable physical casings can be used in conjunction with cable locks or lockdown plates to prevent the theft of the locked casing containing the computer equipment.

Practitioner Notes

System components should be housed in lockable casings to prevent unauthorized physical access. This stops someone from walking up to a server and pulling a drive or plugging in a rogue device.

Example 1: Use locking server rack cabinets with keyed or combination locks. Restrict keys to authorized IT staff only and maintain a key control log. When installing equipment in shared spaces, use locking network enclosures for switches and patch panels.

Example 2: For workstations in public or shared areas (like reception or manufacturing floor), use locking computer cases and cable locks to secure laptops to desks. Install port blockers on unused USB ports to prevent unauthorized device connections.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification