>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SO-10Visitor Access

>Control Description

Physical access for visitors is managed through monitoring, maintaining records, escorting, and reviewing access monthly. Visitor access records to the facilities are kept for at least a year.

Theme

Process

Type

Preventive

Policy/Standard

Physical and Environmental Security Policy

>Implementation Guidance

1. Design and document the requirement for visitor access, maintaining records, escorting, and reviewing access monthly. 2. Ensure visitor access is approved, with an escort. 3. Ensure monthly access reviews are performed. 4. Ensure retention of visitor access for at least a year.

>Testing Procedure

1. Inspect Physical Access Policy to determine whether it contains the requirement for visitor access, maintaining records, escorting. and reviewing access monthly. 2. Obtain and validate evidence that visitor access is approved, with an escort. 3. Obtain and validate evidence of monthly access reviews. 4. Obtain and validate evidence of retention of visitor access for at least a year.

>Audit Artifacts

E-SO-08
E-SO-13
E-SO-14

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

FedRAMP Rev 5
2

PE-03
PE-08

PCI DSS
6

9.3
9.3.1
9.3.1.1
9.3.2
9.3.3
9.3.4

TX-RAMP
2

PE-3
PE-8

Ask AI

Configure your API key to use AI features.