ASD's Blueprint for Secure Cloud

Physical Security

This page provides a template and guidance to assist organisations in documenting their approach to physical security associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

As <ORGANISATION-NAME>’s approach to implementing controls related to physical security is consistent across all controls addressed within this section, it does not delve into subsections but rather addresses the controls as a group. This approach is consistent with ASD’s Guidelines for Physical Security.


<ORGANISATION-NAME> uses on-premises facilities and systems to host hybrid components of <SYSTEM-NAME>, as well as networking components for the use of ICT devices in <ORGANISATION-NAME>’s offices.

<SYSTEM-NAME> does not consider the direct management of these physical facilities or systems within its system boundary, and relies on the implementation from the following system assessments:


Use of laptops and/or iPhones by staff outside of <ORGANISATION-NAME>’s offices is in accordance with the Enterprise Mobility section of this SSP. However, <SYSTEM-NAME> endpoints and peripherals are also deployed in <ORGANISATION-NAME>’s offices as their primary place of operation.

<ORGANISATION-NAME> is responsible for the physical security of devices located at <ORGANISATION-NAME>’s` offices.

Organisational policies and processes implemented

Management of facilities and physical security is performed in accordance with <ORGANISATION-NAME>’s Physical Security Policy, which requires all organisational assets, including ICT equipment and media to be appropriately secured according to their use.


Technical controls implemented

Physical server hardware, networking devices, and cryptographic equipment are deployed in secure rooms within <ORGANISATION-NAME>’s offices, assessed to meet <ZONE 2> requirements as per the Department of Home Affair’s Protective Security Policy Framework (PSPF).

Workstations are also deployed within <ORGANISATION-NAME>’s offices, assessed to meet <ZONE 2> requirements as per the PSPF.

<SYSTEM-NAME> also inherits implementation of physical security controls by <ORGANISATION-NAME>’s cloud and managed service providers.


Security & Governance


  • None identified


  • None identified

External documentation

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra