>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

3.10.3Physical Protection - Derived

Derived Requirement

>Control Description

Escort visitors and monitor visitor activity.

>Discussion

Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.

>Cross-Framework Mappings

CMMC

PE.L1-3.10.3
Compare

SCF

PES-03
Compare
PES-06
Compare
PES-06.1
Compare
PES-06.3
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern escorting visitors and monitoring activities?
  • What procedures define visitor escort requirements?
  • Who is authorized to escort visitors in CUI areas?
  • How do you communicate visitor policies to employees?
  • What governance ensures visitors are properly supervised?

Technical Implementation:

  • What visitor management systems track and control visitor access?
  • How do you issue temporary visitor badges or credentials?
  • What video surveillance monitors visitor activities?
  • How do you technically restrict visitor access to authorized areas only?
  • What alerts notify staff of unescorted visitors?

Evidence & Documentation:

  • Can you provide visitor logs showing escorts and supervision?
  • What documentation proves visitors are escorted in CUI areas?
  • Can you demonstrate visitor badge procedures?
  • What video footage or logs track visitor movements?
  • What audit evidence confirms visitor escort compliance?

Ask AI

Configure your API key to use AI features.