Physical Access Restriction
Description
Use appropriate facility entry controls to limit and monitor physical access to systems in the CDE.
⚠️ Risk Impact
Physical access to POS terminals, server rooms, or workstations bypasses every logical control. Card skimmers and USB-based exfiltration tools both depend on an attacker first obtaining a physical access opportunity.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
- Badge access to CDE areas
- Visitor escort policy
- CCTV coverage
- POS terminal tamper-detection
- Periodic physical security walkthroughs
💀 Real-World Attack Scenario
A retail chain's POS terminals were modified by attackers posing as 'technicians'. Hardware skimmers were inserted, and 80,000 card records were captured over 4 months before detection. Physical access controls and tamper-detection would have caught the modification.
💰 Cost of Non-Compliance
Physical-access PCI breaches: avg $4.2M. POS skimming attacks: $X per record exposed.
📋 Audit Questions
- 1. Badge controls to CDE areas?
- 2. Visitor escort policy?
- 3. POS tamper-detection?
- 4. Recent physical security walkthrough?
🎯 MITRE ATT&CK Mapping
⚡ Common Pitfalls
- ⛔ Cloud-only orgs ignoring office controls
- ⛔ Tailgating culture
- ⛔ No tamper-detection on POS
📈 Business Value
Physical controls close attack vectors invisible to digital defenses.
⏱️ Effort Estimate
Annual security walkthrough + policy
EchelonGraph monitors cloud-provider attestations
🔗 Cross-Framework References
Automate PCI DSS 9.1 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.