Access Control

Having ensured that all personnel entering and leaving the facility have been accounted for (see Locational Security), the servers should also be held in access controlled rooms and cabinets.

Many facilities are large and may host equipment belonging to multiple clients. Restricting and recording access to the physical machines makes any potential theft or sabotage easier to identify. Remember that a malicious agent could physically remove hard drives or SSDs from a system if they have physical access to it, and they wouldn’t need to know any passwords in order to do so.