Servers must be kept in a physically secure location with access by authorized personnel only.

The corporate network must be physically secured against eavesdropping or packet sniffing.