Md. Code Regs. 10.10.11.21

Current through Register Vol. 51, No. 25, December 13, 2024
Section 10.10.11.21 - BAR Information Security - Physical Safeguards

A trusted partner shall establish physical safeguards to guard BAR information integrity, confidentiality, and availability, which include:

A. Physical protection of the personal computer system used for viewing BAR information and related buildings and equipment from:
(1) Fire;
(2) Natural and environmental hazards;
(3) Disasters; and
(4) Intrusion;
B. A secure work station location with physical safeguards to eliminate or minimize the possibility of unauthorized access to BAR information, including:
(1) Locating a personal computer used to access and view BAR information in a locked room;
(2) Restricting access to the locked room to authorized personnel by using:
(a) Electronic keypads;
(b) Electronic access badges; or
(c) Door locks;
(3) Placing the computer monitor in a way that screen contents are not viewable by an unauthorized person;
(4) Locking file cabinets, desks, and desk drawers that contain BAR information:
(a) During nonworking hours; and
(b) When the BAR information custodian is not present in the immediate area; and
(5) Making BAR information nonviewable or unobtainable before admitting an unauthorized person into the workspace;
C. BAR information media control procedures that govern the receipt, removal, and disposal of BAR information CD-R discs or thumb drives into or out of the facility, which include:
(1) Access control so that only the BAR information custodian can receive the BAR information media;
(2) Accountability procedures that trace the receipt, removal, and disposal of BAR information media;
(3) BAR information storage; and
(4) Tracking the disposal process and the final disposition of:
(a) Electronic BAR information; and
(b) BAR information hardware on which electronic BAR information is stored;
D. Emergency mode operation access controls that enable continuing protection to BAR information in the event of:
(1) Fire;
(2) Vandalism;
(3) Natural disaster; or
(4) BAR information computer information system failure;
E. A facility security plan to safeguard BAR information on the premises from unauthorized physical access, tampering, and theft;
F. Verifying access authorizations before granting physical access;
G. Maintaining documentation of repairs and modifications to the physical components of the facility including:
(1) Hardware;
(2) Walls;
(3) Doors; and
(4) Locks; and
H. Procedures governing the reception and hosting of visitors, including:
(1) Sign-in logs for visitors; and
(2) Providing escorts for visitors, if appropriate.

Amended effective 47:10 Md. R. 517, eff. 5/18/2020