The FORTRESS Framework

The FORTRESS Framework (Framework for Organized RedTeam Threat Response Evaluation for Security and Safeguards) is a comprehensive physical security testing methodology designed to assess and improve the physical security posture of organizations. Similar in spirit to the Penetration Testing Execution Standard (PTES) for cybersecurity, FORTRESS provides a structured approach to physical security assessments.

Current Version: v9 (Security Hardened)
Total Controls: 236+ physical security controls
Compliance Frameworks: 60+ mapped standards including FedRAMP, HIPAA, PCI DSS, ISO 27001, NIST SP 800-53, and more

High Level Organization of the Framework

The FORTRESS Framework consists of multiple major sections covering all aspects of physical security testing. These sections address everything from initial reconnaissance and planning through execution and reporting, ensuring comprehensive coverage of physical security controls.

This framework has been developed and refined through real-world testing engagements and aligns with industry-leading compliance standards and best practices. Each control includes detailed testing methodologies, expected findings, and remediation recommendations.

Core Framework Sections

  • Physical Entry and Perimeter Security - Access controls, entry points, badge systems, perimeter defenses
  • Detection and Surveillance Systems - CCTV, motion sensors, alarm systems, monitoring capabilities
  • Asset Protection and Management - Equipment security, asset tracking, inventory controls
  • Operational and Personnel Security - Background checks, security awareness, incident response
  • Business Continuity and Physical Resilience - Disaster recovery, emergency procedures, continuity planning
  • Advanced Threat & Emerging Technology Security - TSCM, AI/ML security, quantum readiness, IoT protection
  • Industry-Specific Compliance Requirements - Healthcare (HITRUST, HIPAA), Financial (GLBA), Critical Infrastructure (CFATS, NERC CIP), Defense (ITAR, NISPOM)
  • Privacy Ethics and Biometric Governance - BIPA compliance, surveillance ethics, facial recognition governance
  • International Standards and Cross-Border Requirements - GDPR, NIS2, regional compliance (EU, APAC, MEA, Americas)
  • Physical Infrastructure Standards and Testing - ASTM, UL, ISO/IEC technical standards for barriers, locks, alarms, biometrics

The FORTRESS Framework includes a powerful web-based navigator that allows security professionals to:

  • Search across 236+ physical security controls
  • Filter by compliance framework (FedRAMP, HIPAA, PCI DSS, ISO 27001, etc.)
  • Filter by security domain (Physical Entry, Surveillance, Asset Protection, etc.)
  • View detailed test methodologies and procedures
  • Access findings and remediation recommendations
  • Export results for reporting and documentation

Security Features: The navigator applies standard web-application hardening, including XSS prevention, input sanitization, prototype pollution protection, rate limiting, and comprehensive security headers.
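As an added illustration of the kind of hardening the navigator lists (this is not the FORTRESS navigator's own code; the control records, filter field names, length limit and rate-limit values below are constructed assumptions), here is a small search/filter layer that rejects prototype-polluting filter keys, allowlists filter fields, escapes HTML on output, and applies a fixed-window rate limit:

```javascript
// Added example: a hardened search/filter layer for a web control navigator.
// Illustrative code, not the FORTRESS navigator's implementation; the control
// records, filter field names and limits are constructed assumptions.

// Constructed sample catalogue (not real FORTRESS controls).
const CONTROLS = [
  { id: "PE-01", domain: "Physical Entry", title: "Badge reader at main lobby",
    frameworks: ["PCI DSS", "ISO 27001"] },
  { id: "DS-02", domain: "Surveillance", title: "CCTV coverage of <loading dock>",
    frameworks: ["HIPAA"] },
  { id: "AP-03", domain: "Asset Protection", title: "Asset tag reconciliation",
    frameworks: ["NIST SP 800-53", "FedRAMP"] },
];

// Keys that would let a merged/assigned filter object reach Object.prototype.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
// Only these filter fields are honoured; anything else is dropped (input sanitization).
const ALLOWED_FILTERS = new Set(["domain", "framework", "q"]);
const MAX_FILTER_LENGTH = 100; // assumed limit

// Convert an untrusted filter (e.g. JSON.parse of a query string) into a
// null-prototype object containing only allowlisted string fields.
// A prototype-polluting key is an error rather than silently ignored, so it
// can be logged and alerted on.
function parseFilter(raw) {
  const clean = Object.create(null);
  if (raw === null || typeof raw !== "object") return clean;
  for (const key of Object.keys(raw)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error("rejected filter key: " + key);
    if (!ALLOWED_FILTERS.has(key)) continue;
    const value = raw[key];
    if (typeof value !== "string" || value.length > MAX_FILTER_LENGTH) continue;
    clean[key] = value;
  }
  return clean;
}

// Escape the five HTML-significant characters so control text is rendered
// literally instead of being interpreted as markup (XSS prevention on output).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Search the catalogue with a sanitized filter: exact match on domain and
// framework, case-insensitive substring match on id/title for the free text "q".
function searchControls(catalogue, rawFilter) {
  const f = parseFilter(rawFilter);
  const q = (f.q || "").toLowerCase();
  return catalogue.filter((c) =>
    (!f.domain || c.domain === f.domain) &&
    (!f.framework || c.frameworks.includes(f.framework)) &&
    (!q || c.id.toLowerCase().includes(q) || c.title.toLowerCase().includes(q)));
}

// Render matches as table rows; every field passes through escapeHtml.
function renderRows(controls) {
  return controls
    .map((c) => `<tr><td>${escapeHtml(c.id)}</td><td>${escapeHtml(c.title)}</td></tr>`)
    .join("");
}

// Fixed-window rate limiter keyed by client id; "now" (ms) is injected so the
// policy can be exercised without real time.
function makeRateLimiter(maxRequests, windowMs) {
  const buckets = new Map();
  return function allow(clientId, now) {
    const b = buckets.get(clientId);
    if (!b || now - b.start >= windowMs) {
      buckets.set(clientId, { start: now, count: 1 });
      return true;
    }
    b.count += 1;
    return b.count <= maxRequests;
  };
}
```

The filter is parsed into a null-prototype object and only allowlisted keys are copied, so a query such as `{"__proto__": {...}}` (which JSON.parse turns into an own property) can never be merged into defaults with `Object.assign` or a deep-merge helper; escaping happens at render time rather than on input, so a control title can legitimately contain angle brackets without being mangled in storage.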

Implementation Guide

Organizations can implement the FORTRESS Framework by:

  1. Assessment Planning - Define scope, objectives, and compliance requirements
  2. Framework Selection - Choose relevant controls based on industry and risk profile
  3. Testing Execution - Conduct assessments using defined test methodologies
  4. Gap Analysis - Document findings and identify security gaps
  5. Remediation Planning - Prioritize and implement security improvements
  6. Continuous Monitoring - Establish ongoing assessment and validation processes

Compliance Coverage

The FORTRESS Framework maps to over 60 compliance frameworks and standards, including:

  • Federal & Government - FedRAMP, NIST SP 800-53, FISMA, CFATS, ITAR, NISPOM
  • Healthcare - HIPAA, HITRUST CSF, FDA 21 CFR Part 11
  • Financial - PCI DSS, SOX, GLBA, FFIEC
  • International - ISO 27001, GDPR, NIS2, ISO 28000
  • Critical Infrastructure - NERC CIP, TSA, CISA Guidelines
  • Technical Standards - ASTM, UL, IWA, SIA, OSDP

Getting Started

Note: The FORTRESS Framework is designed for authorized security assessments only. Always obtain proper authorization before conducting any physical security testing activities.

Ready to explore the framework? Launch the interactive navigator to search, filter, and explore all 236+ physical security controls.

Launch Framework Navigator →

About the Framework

The FORTRESS Framework was developed by Brad Ammerman, a physical security and red team professional with extensive experience in security assessments, compliance, and risk management. The framework represents years of real-world testing experience and industry best practices.

Last Updated: 2024
Version: 8.1 (Security Hardened)
License: Available for security professionals and authorized assessments