PE-2(1)—Access By Position Or Role
Control Description
Authorize physical access to the facility where the system resides based on position or role.
Cross-Framework Mappings
Supplemental Guidance
Role-based facility access includes access by authorized permanent and regular/routine maintenance personnel, duty officers, and emergency medical staff.
Related Controls
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies and procedures govern the implementation of access by position or role for the organization's facilities?
- Who is responsible for overseeing and maintaining access by position or role controls?
- How frequently are access by position or role controls reviewed and updated?
- What process exists for granting exceptions to access by position or role requirements?
- How does the organization ensure accountability for access by position or role across all facility locations?
Technical Implementation:
- What technologies or systems technically implement access by position or role?
- How are these systems configured to meet the control requirements?
- What monitoring or alerting capabilities exist for access by position or role?
- How do access by position or role systems integrate with other physical security infrastructure?
- What redundancy or backup mechanisms support access by position or role?
Evidence & Documentation:
- Provide documented policies and procedures for access by position or role.
- Provide evidence of access by position or role implementation and configuration.
- Provide logs, records, or reports demonstrating access by position or role activities over the past 90 days.
- Provide testing, maintenance, or inspection records for access by position or role from the past year.
- Provide evidence of access by position or role reviews, audits, or assessments.