PE.L1-3.10.3/b.1.ix Escort Visitors

Escort visitors and monitor visitor activity.

Source: FAR Clause 52.204-21 Partial b.1.ix, NIST SP 800-171 Rev 2 3.10.3

Discussion: Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.

Assessment Objectives:

Determine if:

Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; security plan; physical access control logs or records; inventory records of physical access control devices; system entry and exit points; records of key and lock combination changes; storage locations for physical access control devices; physical access control devices; list of security safeguards controlling access to designated publicly accessible areas within facility; other relevant documents or records].

Interview: [SELECT FROM: Personnel with physical access control responsibilities; personnel with information security responsibilities].

Test: [SELECT FROM: Organizational processes for physical access control; mechanisms supporting or implementing physical access control; physical access control devices].

SPRS Score: 1

POA&M Allowed: No