Skip to main content
Physical & Environment

Physical and Environmental Protection Deep Dive

Deep Dive into Changes to the Physical and Environmental Protection Family in FedRAMP Revision 5

The FedRAMP Program Management Office (PMO) has released new proposed baselines based on NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, Revision 5, (NIST SP 800-53 Rev5). Here we will take a closer look at the changes to the Physical and Environmental Protection control family that the new baselines bring.


Considerable Changes to the Low, Moderate, and High baselines include:

  • Policies and procedures will now need to be designated as either organizational, mission or business process, or system-level
  • A requirement to designate a specific official to manage the development, documentation, dissemination of policies and procedures
  • A requirement to update policies and procedures after specified events
  • A parameter change from security safeguards to physical access controls
  • A parameter change from monitoring to control of visitor activity
  • A requirement to report anomalies in visitor access records to specified personnel
  • A new parameter requiring selection of specific types of environmental controls to maintain


Considerable Changes to the Moderate and High baselines include:

  • An addition of a new parameter requiring specifying output devices
  • An addition of a new parameter for specifying applicable system or individual system components
  • Removal of the control requiring alerts for humidity and temperature changes in a data center
  • New control text requiring determining and documenting allowable alternate work sites
  • An addition of a new parameter specifying alternate work sites


Considerable Changes to the High baseline include:

  • An addition of a new parameter for activating long-term alternate power supplies manually or automatically
  • An additional to control text specifying the need to employ an automatic fire suppression capability when the facility is not staffed on a continuous basis
  • An additional of a new parameter specifying automated detection mechanisms


Check back here for more deep dives into changes in each control family and updates on the proposed baselines from the FedRAMP PMO. Contact InfusionPoints for assistance with your FedRAMP journey.