Access Control
Use the following requirements for access control.
| Requirement Area | Requirement | Details |
|---|---|---|
| Control model | Control access according to the customer's contracted access policy for Oracle-occupied space. | Access responsibilities must be documented and enforced consistently. |
| Security layers | Use a layered security path into every Oracle-occupied area. | At least three security layers are required. |
| Door authentication | Secure all doors that lead to the security corridor and each room with dual authentication. | This requirement includes Oracle-operated storage, loading dock access into Oracle white space, and Oracle MMRs. |
| Authentication methods | Use two forms of authentication for access points into Oracle space. | Accepted factors include card or badge access and biometric readers. Badge plus biometric authentication is preferred for ingress. |
| Temporary fallback | Use an approved fallback only where the preferred control is unavailable. | Badge plus PIN may be used as a temporary fallback if badge plus biometric access is unavailable. |