NIST 800-53 REV 5 • AWARENESS AND TRAINING

AT-3(2) Physical Security Controls

Provide {{ insert: param, at-03.02_odp.01 }} with initial and {{ insert: param, at-03.02_odp.02 }} training in the employment and operation of physical security controls.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Physical security controls include physical access control devices, physical intrusion and detection alarms, operating procedures for facility security guards, and monitoring or surveillance equipment.

Practitioner Notes

Security guards and personnel responsible for physical security need training on how their duties protect information systems. Physical security and cyber security are deeply connected.

Example 1: Train security guards on tailgating prevention, visitor escort requirements, and how to verify badge validity. Include specific training on the importance of protecting server rooms, network closets, and any areas containing information system equipment.

Example 2: Provide front desk staff with training on social engineering tactics — someone posing as a delivery person, maintenance worker, or executive to gain physical access. Practice scenarios where staff must verify identity and authorization before granting access. Use role-playing exercises for realism.