CMMC 2.0 • LEVEL 1 • PHYSICAL PROTECTION

PE.L1-3.10.1Physical Access Authorizations

Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides. Issue authorization credentials for facility access. Review the facility access list monthly at minimum, and immediately following any security incident or anomalyCMMC/STIG. Remove individuals from the facility access list when access is no longer required.

NIST 800-171 Mapping

NIST 800-53 Controls

PE-2PE-6

Assessment Objectives

  • a list of individuals with authorized access to the facility where the system resides is developed.
  • a list of individuals with authorized access to the facility where the system resides is approved.
  • a list of individuals with authorized access to the facility where the system resides is maintained.
  • the facility access list is reviewed monthly at minimum, and immediately following any security incident or anomalyCMMC/STIG.
  • individuals from the facility access list are removed when access is no longer required.
  • authorization credentials for facility access are issued.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

PE.L2-3.10.2 Monitoring Physical Access PE.L1-3.10.3 Escort Visitors and Monitor Visitor Activity PE.L1-3.10.4 Maintain Audit Logs of Physical Access PE.L1-3.10.5 Control and Manage Physical Access Devices