PE-3(1)—Physical Access Control | System Access
IL4 High
IL5
IL6
>Control Description
Enforce physical access authorizations to the system in addition to the physical access controls for the facility at ⚙organization-defined physical spaces containing one or more components of the system.
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
Control of physical access to the system provides additional physical security for those areas within facilities where there is a concentration of system components.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern the implementation of system access for the organization's facilities?
- •Who is responsible for overseeing and maintaining system access controls?
- •How frequently are system access controls reviewed and updated?
- •What process exists for granting exceptions to system access requirements?
- •How does the organization ensure accountability for system access across all facility locations?
Technical Implementation:
- •What technologies or systems technically implement system access?
- •How are these systems configured to meet the control requirements?
- •What monitoring or alerting capabilities exist for system access?
- •How do system access systems integrate with other physical security infrastructure?
- •What redundancy or backup mechanisms support system access?
Evidence & Documentation:
- •Provide documented policies and procedures for system access.
- •Provide evidence of system access implementation and configuration.
- •Provide logs, records, or reports demonstrating system access activities over the past 90 days.
- •Provide testing, maintenance, or inspection records for system access from the past year.
- •Provide evidence of system access reviews, audits, or assessments.
Ask AI
Configure your API key to use AI features.