NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION
PE-8(2) — Physical Access Records
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
In addition to visitor records, this enhancement requires you to maintain records of physical access by your own personnel — who badged in where and when.
Example 1: Your badge access system already generates these records — make sure they are retained for at least one year, backed up regularly, and reviewed monthly for anomalies. Look for patterns like after-hours access, access to unusual areas, and access by recently terminated employees.
Example 2: Forward badge access logs to your SIEM for correlation with logical access events. For example, if someone badges into the server room and an admin logon occurs on a server at the same time, that is a correlated event. If no badge-in is recorded but a local login occurs, that is a red flag.
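The correlation described in Example 2, as an added example that is not part of the original notes. The event field names, the host-to-room map, the sample records and the 8-hour presence window are all assumptions made for illustration (badge systems often record entry but not exit, so a window stands in for "still in the room").

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumed, not taken from any product.
BADGE_EVENTS = [
    {"time": "2024-03-04T08:15:00", "user": "bob", "door": "lobby", "result": "granted"},
    {"time": "2024-03-04T09:02:00", "user": "alice", "door": "server-room", "result": "granted"},
    {"time": "2024-03-04T22:40:00", "user": "carol", "door": "server-room", "result": "denied"},
]
LOGON_EVENTS = [
    {"time": "2024-03-04T09:10:00", "user": "alice", "host": "db01", "type": "local"},
    {"time": "2024-03-04T14:30:00", "user": "bob", "host": "db01", "type": "local"},
    {"time": "2024-03-04T22:45:00", "user": "carol", "host": "db02", "type": "local"},
    {"time": "2024-03-04T23:00:00", "user": "dave", "host": "db02", "type": "remote"},
]
# Assumed inventory: the room each server console physically sits in.
HOST_ROOM = {"db01": "server-room", "db02": "server-room"}
WINDOW = timedelta(hours=8)  # assumed maximum time a badge-in vouches for presence


def correlate(badges, logons, host_room=HOST_ROOM, window=WINDOW):
    """Split local logons into (correlated, red_flags) based on prior badge-ins."""
    granted = [
        (datetime.fromisoformat(b["time"]), b["user"], b["door"])
        for b in badges
        if b["result"] == "granted"  # a denied swipe is not evidence of entry
    ]
    correlated, red_flags = [], []
    for ev in logons:
        if ev["type"] != "local":
            continue  # remote logons do not require physical presence
        when = datetime.fromisoformat(ev["time"])
        room = host_room.get(ev["host"])  # unknown host -> None -> flagged
        matched = any(
            user == ev["user"] and door == room
            and timedelta(0) <= when - badge_time <= window
            for badge_time, user, door in granted
        )
        (correlated if matched else red_flags).append(ev)
    return correlated, red_flags


if __name__ == "__main__":
    ok, flagged = correlate(BADGE_EVENTS, LOGON_EVENTS)
    for ev in ok:
        print("correlated:", ev["time"], ev["user"], ev["host"])
    for ev in flagged:
        print("RED FLAG (no badge-in):", ev["time"], ev["user"], ev["host"])
```

In a SIEM the same logic becomes a join between the badge and logon data sources on user and time window; a flagged logon is a lead for review, since tailgating and shared badges also produce it.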