A.7.12 Cabling Security

What is A.7.12 Cabling Security?

ISO 27001 control A.7.12 Cabling Security ensures power and telecommunications cabling carrying data or supporting information services is protected against interception, interference, and physical damage. The control combines physical cable management in secure zones with separation of power and data, critical link labelling, fibre optic preference, and logical encryption in transit via TLS 1.2 or higher with legacy authentication blocking.

How to implement A.7.12 in Microsoft 365

Implement A.7.12 in secure zones by physically separating

Implement A.7.12 in secure zones by physically separating power and data cables, using cable management arms and velcro ties, labelling critical uplinks at both ends, and preferring fibre optic for backbone connections. Ensure cables cross at 90-degree angles where separation is impossible. On office floors, use floor boxes, grommets, or heavy-duty cable covers for cables traversing public areas. Disconnect unused network ports at the patch panel and remove abandoned dead cables to reduce combustible load.

Enforce TLS 1.2 minimum which is the Microsoft

Enforce TLS 1.2 minimum which is the Microsoft 365 platform default. Block legacy authentication via Security Defaults or Conditional Access policies.

What an auditor checks for A.7.12

• Auditors will verify Security Defaults screenshot showing enabled status or Conditional Access policy blocking legacy auth clients.
• They will check rack photographs showing cable separation, management arms, and critical link labels.
• Auditors will review floor cable protection photographs showing cable covers in walkways.
• They will verify patch panel audit report showing unused ports are disconnected.
• Auditors will check FortiGate interface statistics report showing low or zero CRC errors and collisions indicating healthy cabling.

Related controls

• A.7.11
• A.8.24
• A.8.20
• A.7.1