Episode 22 — Control physical access to sensitive facilities reliably

This episode focuses on physical security controls because the PCI ISA exam expects you to understand how physical access can defeat strong logical controls when attackers or unauthorized staff can reach devices, network ports, or media. You’ll define what “sensitive facilities” means in PCI terms by connecting it to in-scope systems, storage locations for account data, and areas that could affect the security of the cardholder data environment, including server rooms, network closets, and workstation areas used for administration. We’ll cover practical control methods such as badge access, visitor management, escorts, camera coverage, logging, and periodic reviews, and we’ll discuss why “the building is locked” is not the same as an auditable access control process. You’ll also learn what evidence makes physical controls credible, including access logs, visitor records, camera retention practices, and exception handling for after-hours support, plus common failure patterns like propped doors, shared badges, and untracked contractors. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.