This Control applies to facilities that house moderate or high impact information resources.

The facility manager, or designee, is responsible for:

• 1.1

  Monitoring physical access to facilities where information resources reside to detect and respond to physical security incidents;

• 1.2

  Reviewing physical access logs periodically based on risk management decisions; and

• 1.3

  Coordinating results of reviews and investigations with the university incident response capability.