myctrl.tools
Compare

PE-2(2)Two Forms Of Identification

>Control Description

Require two forms of identification from the following forms of identification for visitor access to the facility where the system resides: organization-defined list of acceptable forms of identification.

>Cross-Framework Mappings

SCF

PES-06.2
Compare

>Supplemental Guidance

Acceptable forms of identification include passports, REAL ID-compliant drivers' licenses, and Personal Identity Verification (PIV) cards. For gaining access to facilities using automated mechanisms, organizations may use PIV cards, key cards, PINs, and biometrics.

>Related Controls

IA-2
IA-4
IA-5

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the implementation of two forms of identification for the organization's facilities?
  • Who is responsible for overseeing and maintaining two forms of identification controls?
  • How frequently are two forms of identification controls reviewed and updated?
  • What process exists for granting exceptions to two forms of identification requirements?
  • How does the organization ensure accountability for two forms of identification across all facility locations?

Technical Implementation:

  • What technologies or systems technically implement two forms of identification?
  • How are these systems configured to meet the control requirements?
  • What monitoring or alerting capabilities exist for two forms of identification?
  • How do two forms of identification systems integrate with other physical security infrastructure?
  • What redundancy or backup mechanisms support two forms of identification?

Evidence & Documentation:

  • Provide documented policies and procedures for two forms of identification.
  • Provide evidence of two forms of identification implementation and configuration.
  • Provide logs, records, or reports demonstrating two forms of identification activities over the past 90 days.
  • Provide testing, maintenance, or inspection records for two forms of identification from the past year.
  • Provide evidence of two forms of identification reviews, audits, or assessments.

Ask AI

Configure your API key to use AI features.