NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-2(2)Two Forms of Identification

Require two forms of identification from the following forms of identification for visitor access to the facility where the system resides: {{ insert: param, pe-02.02_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Acceptable forms of identification include passports, REAL ID-compliant drivers’ licenses, and Personal Identity Verification (PIV) cards. For gaining access to facilities using automated mechanisms, organizations may use PIV cards, key cards, PINs, and biometrics.

Practitioner Notes

Visitors to your facility must present two forms of identification before being granted access. This adds confidence that the person is who they claim to be.

Example 1: Require visitors to present a government-issued photo ID (driver's license or passport) plus a second form such as a company badge from their employer, a meeting confirmation email, or a business card. Record both forms of ID in the visitor log.

Example 2: Train your front desk or security staff on acceptable forms of identification and how to verify them. Create a quick-reference guide that lists approved primary IDs (government photo ID) and approved secondary IDs (CAC, company badge, verified appointment). Post this guide at the reception desk.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(3) Restrict Unescorted Access