## 7.8 Equipment siting and protection

| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|----------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |

**Control**

Equipment should be sited securely and protected.

**Purpose**

To reduce the risks from physical and environmental threats, and from unauthorized access and damage.

**Guidance**

The following guidelines should be considered to protect equipment:

a\) siting equipment to minimize unnecessary access into work areas and to avoid unauthorized access;

b\) carefully positioning information processing facilities handling sensitive data to reduce the risk of information being viewed by unauthorized persons during their use;

c\) adopting controls to minimize the risk of potential physical and environmental threats \[e.g. theft, fire, explosives, smoke, water (or water supply failure), dust, vibration, chemical effects, electrical supply interference, communications interference, electromagnetic radiation and vandalism\];

d\) establishing guidelines for eating, drinking and smoking in proximity to information processing facilities;

e\) monitoring environmental conditions, such as temperature and humidity, for conditions which can adversely affect the operation of information processing facilities;

f\) applying lightning protection to all buildings and fitting lightning protection filters to all incoming power and communications lines;

g\) considering the use of special protection methods, such as keyboard membranes, for equipment in industrial environments;

h\) protecting equipment processing confidential information to minimize the risk of information leakage due to electromagnetic emanation;

i\) physically separating information processing facilities managed by the organization from those not managed by the organization.

**Other information**

No other information.