Mitigations
Courses of action that reduce risk from techniques.
| Mitigation ID | Name | Description |
|---|---|---|
| PM0001 | User Training | Train personnel to recognize tailgating, impersonation, and pretext attempts at entry points and in common areas. |
| PM0002 | Visitor and Contractor Verification | Verify identity and authorization for visitors, vendors, and contractors using badges, sign-in procedures, and callback validation before granting access. |
| PM0003 | Entry Challenge Procedures | Require staff to challenge unknown individuals at controlled doors and turnstiles, and refuse entry when credentials or purpose cannot be verified. |
| PM0004 | Anti-Passback Controls | Configure access control systems to enforce anti-passback and prevent credential reuse for sequential entries without an exit read. |
| PM0005 | Mantrap and Interlocking Doors | Deploy mantraps or interlocking door pairs at high-risk entries so only one door can open at a time and tailgating is harder to execute. |
| PM0006 | Credential and Key Management | Control issuance, storage, revocation, and audit of badges, keys, and PINs; inspect readers and locks for tampering during maintenance cycles. |
| PM0007 | Anti-Cloning Badge Technology | Use access credentials with anti-cloning features and readers that validate secure formats rather than accepting duplicated static card data alone. |
| PM0008 | Physical Access Control Maintenance | Maintain locks, doors, readers, and barriers on a defined schedule; remove or repair damaged hardware that could be manipulated for covert access. |
| PM0010 | Security Patrol Program | Schedule guard or staff patrols of low-traffic areas, stairwells, storage zones, and back-of-house paths to detect hiding and unescorted movement. Include routine perimeter and opening checks for propped doors, unsecured windows, disabled sensors on openings, and other gaps that allow entry without credentials. |
| PM0011 | After-Hours Access Procedures | Restrict and log after-hours entry; require approval, escorts, or additional verification when facilities are closed or lightly staffed. |
| PM0012 | Sensor Health Monitoring | Monitor intrusion, motion, and alarm devices for offline, tamper, or bypass conditions and investigate anomalies promptly. |
| PM0013 | Camera Coverage Review | Review camera fields of view during design and operations; inspect housings for obstruction, spray, or repositioning that creates blind spots. |
| PM0014 | Guard Force and Alarm Response | Define alarm response playbooks, guard post orders, and escalation paths so false alarms and diversions are investigated without leaving other areas unmonitored. |
| PM0015 | Document and Clean Desk Policy | Require securing sensitive paper and media when unattended; limit unattended access to copy rooms and restrict removal of documents without authorization. |
| PM0016 | IT Asset Inventory Control | Track laptops, removable media, and portable servers; secure storage areas and investigate missing equipment. |
| PM0017 | Technical Surveillance Countermeasures | Periodically sweep sensitive areas for covert listening devices, cameras, and unknown transmitters using TSCM practices or qualified vendors. |
| PM0018 | Security Zone Controls | Segment facilities into zones with access rules matched to role; audit permissions and enforce checks at internal boundaries. |
| PM0019 | Vertical Access Controls | Control stairwell and elevator access by floor or role; monitor or lock floors that do not require general staff traffic. |
| PM0020 | Service Corridor Access Control | Limit and monitor service routes, loading docks, and utility corridors with badges, escorts, or time-bound access. |
| PM0022 | Facility Operational Security | Limit public exposure of facility layout, schedules, and security measures; train staff to report suspicious observation and photography near sensitive areas. |
| PM0023 | Ongoing Personnel Trust Verification | Re-verify contractor and vendor access periodically; revoke credentials when engagements end and investigate anomalous repeat presence. |