Operational Security Standard on Physical Security

Provides baseline physical security requirements to counter threats to government employees, assets and service delivery, and provides consistent safeguarding for the Government of Canada.
Date modified: 2013-02-18

Glossary

assets (biens)
Tangible or intangible things of the Government of Canada. Assets include but are not limited to information in all forms and media, networks, systems, materiel, real property, financial resources, employee trust, public confidence and international reputation.
attack (attaque)
any action to execute a threat.
availability (disponibilité)
the condition of being usable on demand to support operations, programs and services.
base building security (sécurité de l'immeuble de base)
Security safeguards provided by the custodian department to protect a facility but not the assets contained in the building. Basic building security provides a base or starting point for other security requirements (i.e. minimum and enhanced safeguards) to be added to protect the specific assets held by the institution.
baseline security requirements (exigences de base)
mandatory provisions of the Policy on Government Security and its associated operational standards and technical documentation.
business continuity planning (planification de la continuité des activités)
an all-encompassing term which includes the development and timely execution of plans, measures, procedures and arrangements to ensure minimal or no interruption to the availability of critical services and assets.
classified assets (biens classifiés)
assets whose compromise would reasonably be expected to cause injury to the national interest.
classified information (renseignements classifiés)
information related to the national interest that may qualify for an exemption or exclusion under the Access to Information Act or Privacy Act, and the compromise of which would reasonably be expected to cause injury to the national interest.
communications intelligence (COMINT)
Technical information or intelligence derived from the exploitation of communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those systems or networks by other than the intended recipient.
Communications Security (COMSEC) (sécurité des communications (COMSEC))
The application of cryptographic security, transmission and emission security, physical security measures, operational practices and controls to deny unauthorized access to information derived from telecommunications and that ensure the authenticity of such telecommunications.
compromise (compromission)
unauthorized disclosure, destruction, removal, modification, interruption or use of assets.
confidentiality (confidentialité)
A characteristic applied to information to signify that it can only be disclosed to authorized individuals to prevent injury to national or other interests.
control of access (contrôle de l'accès)
Ensuring authorized access to assets within a facility or restricted areas by screening visitors and material at entry points by personnel, guards or automated means and, where required, monitoring their movement within the facility or restricted access areas by escorting them.
critical service (service essentiel)
A service whose compromise in terms of availability or integrity would result in a high degree of injury to the health, safety, security or economic well-being of Canadians or to the effective functioning of the Government of Canada (GC).
custodian department (ministère gardien)
a department having administration of federal real property.
department (ministère)
as described in Section 2: Application, of the PGS. In this document the term “department” may refer to either the tenant, the custodian or both.
Deputy Head (Administrateur général)
Deputy Head as defined in section 11 of the Financial Administration Act, and in the case of the Canadian Forces the Chief of the Defence Staff.
destruction equipment (équipement de destruction)
any device or process used to change the medium which contains classified or protected information in such a way that the classified or protected information can no longer be derived from the medium.
detection (détection)
the use of appropriate devices, systems and procedures to signal that an attempted or actual unauthorized access has occurred.
electronic intelligence (ELINT)
Technical information or intelligence derived from the collection, processing and analysis of electromagnetic non-communications emissions.
emergency (urgence)
A present or imminent event, including IT incidents, that requires prompt coordination of actions to protect the health, safety or welfare of people, or to limit damage to assets or the environment.
emergency management (gestion des urgences)
The prevention and mitigation of, preparedness for, response to and recovery from emergencies.
executive (cadre supérieure)
An employee appointed to the executive group (EX-01 to EX-05 levels), i.e., director, director general, assistant deputy minister or equivalent.
facility (installation)
a physical setting used to serve a specific purpose. A facility may be part of a building, a whole building, or a building plus its site; or it may be a construction that is not a building. The term encompasses both the physical object and its use (for example, weapons ranges, agriculture fields).
for cause (pour un motif valable)
A determination that there is sufficient reason to review, revoke, suspend or downgrade a reliability status, a security clearance or site access.
foreign instrumentation signals intelligence (FISINT)
Technical information or intelligence derived from the collection, processing and analysis of foreign instrumentation signals by other than the intended recipient.
identity (identité)
A reference or designation used to distinguish a unique and particular individual, organization or device.
identity management (gestion de l'identité)
The set of principles, practices, processes and procedures used to realize an organization's mandate and its objectives related to identity.
information (renseignements)
any pattern of symbols or sounds to which meaning may be assigned.
integrity (intégrité)
the accuracy and completeness of assets, and the authenticity of transactions.
interoperability (interopérabilité)
The ability of federal government departments to operate synergistically through consistent security and identity management practices.
managers at all levels (gestionnaires à tous les niveaux)
Includes supervisors, managers and executives.
material (matériel)
any tangible object with the exclusion of those embodying information.
monitored (surveillé)
To watch for or detect a breach of security.
monitored continuously (surveillée continuellement)
To confirm on a continuous basis that there has not been a breach of security. Examples include electronic intrusion detection system, or someone guarding a particular point on a constant basis.
national interest (intérêt national)
Concerns the defence and maintenance of the social, political and economic stability of Canada.
need-to-know (besoin de connaître)
The need for someone to access and know information in order to perform his or her duties.
personnel security screening (enquêtes de sécurité du personnel)
the process of examining the trustworthiness and suitability of employees and, where national interest is concerned, their loyalty and associated reliability. When satisfactory, an employee is granted reliability status or a security clearance. Reliability status applies when only protected assets are concerned. When the employee has access to classified assets, a security clearance corresponding to the level of classified assets is issued. A security clearance includes reliability status. See Screening.
physical security (sécurité matérielle)
the use of physical safeguards to prevent or delay unauthorized access to assets, to detect attempted and actual unauthorized access and to activate appropriate responses.
protected and classified information (renseignements protégés et classifiés)
See Protected Information and Classified Information.
protected asset or information (renseignement ou bien protégé)
An asset or information that may qualify for an exemption or exclusion under the Access to Information Act or the Privacy Act because its disclosure would reasonably be expected to compromise the non-national interest.
protected information (renseignements protégés)
information related to other than the national interest that may qualify for an exemption or exclusion under the Access to Information Act or Privacy Act, and the compromise of which would reasonably be expected to cause injury to a non-national interest.
protection (protection)
for physical security, protection means the use of physical, procedural and psychological barriers to delay or deter unauthorized access, including visual and acoustic barriers.
recovery (rétablissement)
the restoration of full levels of service delivery.
reliability status (cote de fiabilité)
Indicates the successful completion of reliability checks; allows regular access to government assets and, with a need to know, to PROTECTED information.
residual risk (risque résiduel)
Level of risk remaining after security measures have been applied.
response (intervention)
the implementation of measures to ensure that security incidents are reported to appropriate security officials and immediate and long-term corrective action taken.
restricted-access area (zone d'accès restreint)
work areas where access is limited to authorized individuals; includes Operations, Security and High Security Zones. Refer to the definition in Section 6.3. Hierarchy of Zones.
risk (risque)
the chance of a vulnerability being exploited.
screening (triage)
the process of verifying visitors and/or material (e.g. incoming mail/deliveries) at entry points of a facility or a restricted area for authorizing access; See Personnel Security Screening.
security clearance (cote de sécurité)
indicates successful completion of a security assessment; with a need to know, allows access to classified information. There are three Security Clearance levels: Confidential, Secret and Top Secret.
security container (coffre de sécurité)
any totally enclosed storage place for a classified asset, designed to resist force and surreptitious attacks; e.g., a safe, security cabinet, strongbox, permanent vault, demountable vault or secure room.
security control (mesure de sécurité)
An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.
security incident (incident de sécurité)
Any workplace violence toward an employee or any act, event or omission that could result in the compromise of information, assets or services.
security screening (filtrage de sécurité)
Any measure resulting in a high level of assurance that an individual can be granted specific access privileges within the context of the federal government.
security program (programme de sécurité)
A group of security-related resource inputs and activities that are managed to address a specific need or needs and to achieve intended results.
shredding (déchiquetage)
a mechanical cutting or grinding method of reducing standard weights of office paper, microfilm and microfiche to fragments.
situational awareness (connaissance de la situation)
Having insight into one's environment and circumstances to understand how events and actions will affect business objectives, both now and in the near future. Having complete, accurate, and current situational awareness (SA) is essential in any domain where technological complexity, decision making, and the well-being of the public interact. Because incident management involves predictions and forecasts, SA in the area of IT requires an understanding of the interrelationships between critical services and information, safeguards supporting IT infrastructure and processes, and evolving threats.
sophisticated IT security incident (incident complexe de sécurité des TI)
An event, usually initiated by sophisticated threat actors, that is complicated to detect and recover from, causes harm to GC networks and systems, and affects the confidentiality, integrity and availability of information.
sophisticated IT security threat (menace complexe à la sécurité des TI)
An entity or entities that make use of advanced technologies and tradecraft to penetrate or bypass protective systems and security technologies without being detected.
surreptitious attack (attaque subreptice)
a secret unauthorized attack to breach or circumvent a defensive system or some of its components in such a manner that the custodians and/or security force cannot readily detect the attack.
tenant department (ministère locataire)
a department occupying federal real property that is under the administration of another department or Crown Corporation.
threat (menace)
Any potential event or act, deliberate or accidental, that could cause injury to employees or assets.
unauthorized access (accès non autorisé)
Access to assets by an individual who is not properly security screened and/or does not have a need-to-know.
unauthorized disclosure (divulgation non autorisée)
Disclosure that is forbidden by law or by governmental or departmental policies.
value (valeur)
estimated worth: monetary, cultural or other.
vulnerability (vulnérabilité)
an inadequacy related to security that could permit a threat to cause injury.
workplace violence (violence dans le lieu de travail)
An action, conduct, threat or gesture that can reasonably be expected to cause harm, injury or illness to an employee in the workplace.
zones (zones)
A series of clearly discernible spaces to progressively control access.