>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PE-2Physical Access Authorizations

PBMM (P1)
Secret (P1)
Operational

>Control Description

(A) The organization develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides. (B) The organization issues authorization credentials for facility access. (C) The organization reviews the access list detailing authorized facility access by individuals organization-defined frequency. (D) The organization removes individuals from the facility access list when access is no longer required.

>Supplemental Guidance

This control applies to organizational employees and visitors. Individuals (e.g., employees, contractors, and others) with permanent physical access authorization credentials are not considered visitors. Authorization credentials include, for example, badges, identification cards, and smart cards.

Organizations determine the strength of authorization credentials needed (including level of forge-proof badges, smart cards, or identification cards) consistent with GC directives, standards, policies, and procedures. This control only applies to areas within facilities that have not been designated as publicly accessible. Related controls: PE-3, PE-4, PS-3

>Tailoring Guidance

The reviews can be performed simultaneously with account reviews (see AC-2).

>Profile-Specific Parameters

(C) frequency [monthly]

Ask AI

Configure your API key to use AI features.