Which action is NOT required under CIP-006 according to the document's physical security requirements?

Under CIP-006, which focuses on physical security requirements for critical infrastructure, the principle of maintaining security at facilities is paramount. One of the key components of this standard is to ensure that access to controlled spaces is restricted and managed according to established security policies.

The action of allowing unrestricted access for employees at all times runs counter to the objectives of CIP-006. The standard emphasizes that access to physical security perimeters and critical assets needs to be controlled to minimize vulnerabilities and enhance security. This includes measures such as access control systems, where monitoring and limitations on access are crucial to safeguarding sensitive areas.

On the other hand, actions such as periodic testing of access control systems, documenting security procedures and policies, and regular maintenance of security technologies are all requirements under CIP-006. These measures are essential for ensuring that security protocols are effective, up-to-date, and capable of addressing potential threats to the infrastructure. Thus, the standard clearly necessitates the implementation of access controls rather than endorsing unrestricted access. This understanding underscores the importance of vigilance and structure in physical security practices.