PE-3(8)—Access Control Vestibules
Control Description
Supplemental Guidance
An access control vestibule is part of a physical access control system that typically provides a space between two sets of interlocking doors. Vestibules are designed to prevent unauthorized individuals from following authorized individuals into facilities with controlled access. This activity, also known as piggybacking or tailgating, results in unauthorized access to the facility.
Interlocking door controllers can be used to limit the number of individuals who enter controlled access points and to provide containment areas while authorization for physical access is verified. Interlocking door controllers can be fully automated (i.e., controlling the opening and closing of the doors) or partially automated (i.e., using security guards to control the number of individuals entering the containment area).
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies and procedures govern the implementation of access control vestibules for the organization's facilities?
- Who is responsible for overseeing and maintaining access control vestibule controls?
- How frequently are access control vestibule controls reviewed and updated?
- What process exists for granting exceptions to access control vestibule requirements?
- How does the organization ensure accountability for access control vestibules across all facility locations?
Technical Implementation:
- What technologies or systems technically implement access control vestibules?
- How are these systems configured to meet the control requirements?
- What monitoring or alerting capabilities exist for access control vestibules?
- How do access control vestibule systems integrate with other physical security infrastructure?
- What redundancy or backup mechanisms support access control vestibules?
Evidence & Documentation:
- Provide documented policies and procedures for access control vestibules.
- Provide evidence of access control vestibule implementation and configuration.
- Provide logs, records, or reports demonstrating access control vestibule activities over the past 90 days.
- Provide testing, maintenance, or inspection records for access control vestibules from the past year.
- Provide evidence of access control vestibule reviews, audits, or assessments.