PE.L1-3.10.1—Limit Physical Access
Control Description
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your physical access control policy?
- How do you determine who should have physical access to different areas?
- What is your process for approving physical access requests?
- Who is responsible for managing physical access control?
- How often do you review physical access privileges?
Technical Implementation:
- What physical access control systems are deployed (badge readers, biometrics)?
- What technologies enforce physical access restrictions?
- What access control platforms manage physical access?
- What sensors or alarms detect unauthorized physical access?
- What video surveillance monitors physical access points?
Evidence & Documentation:
- What physical security policies and procedures can you provide?
- What physical access logs demonstrate access control?
- What visitor logs show visitor escort and monitoring?
- What badge issuance records track physical access devices?
- What surveillance footage or monitoring logs can you show?
- What evidence shows physical security controls are functioning?
- What alternate work site approval documentation can you provide?