NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-3(2) Facility and Systems

Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizations determine the extent, frequency, and/or randomness of security checks to adequately mitigate risk associated with exfiltration.

Practitioner Notes

This enhancement requires periodic security checks at the physical perimeter — looking for signs of tampering, unauthorized equipment, or exfiltration of data or equipment.

Example 1: Conduct daily walkthroughs of your facility perimeter and server rooms. Check that doors and windows are secure, no unauthorized equipment has been installed, and no company equipment is staged for unauthorized removal. Use a checklist and log each walkthrough.

Example 2: Perform random bag/equipment checks at exits during high-risk periods or as part of your ongoing security program. Post signage informing employees and visitors that equipment inspections may occur. Document any findings and report anomalies to your security officer.