PE.L1-3.10.3/b.1.ix Escort Visitors
Escort visitors and monitor visitor activity.
Source: FAR Clause 52.204-21 Partial b.1.ix, NIST SP 800-171 Rev 2 3.10.3
Discussion: Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.
Assessment Objectives:
Determine if:
- [a] visitors are escorted;
- [b] visitor activity is monitored;
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; security plan; physical access control logs or records; inventory records of physical access control devices; system entry and exit points; records of key and lock combination changes; storage locations for physical access control devices; physical access control devices; list of security safeguards controlling access to designated publicly accessible areas within facility; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access control responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for physical access control; mechanisms supporting or implementing physical access control; physical access control devices].
SPRS Score: 1
POA&M Allowed: No