03.10.02: Monitoring Physical Access
Control Family: Physical Protection
SPRS: N/A
Top Ten Failed Requirement: N/A
Supporting Publications: N/A
Referenced in: N/A
Control Type: N/A
CPCSC Level 2: 03.10.02
CMMC Level(s): N/A
Derived From: NIST SP 800-53r5 PE-06
a. Monitor physical access to the facility where the system resides to detect and respond to physical security incidents.
b. Review physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events].
Discussion:
A facility can include one or more physical locations containing systems or system components that process, store, or transmit CUI. Physical access monitoring includes publicly accessible areas within organizational facilities. Examples of physical access monitoring include guards, video surveillance equipment (i.e., cameras), and sensor devices. Reviewing physical access logs can help to identify suspicious activities, anomalous events, or potential threats. The reviews can be supported by audit logging controls if the access logs are part of an automated system. Incident response capabilities include investigations of physical security incidents and responses to those incidents. Incidents include security violations or suspicious physical access activities, such as access outside of normal work hours, repeated access to areas not normally accessed, access for unusual lengths of time, and out-of-sequence access.
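The four suspicious patterns the discussion names (after-hours access, repeated access to areas a badge does not normally use, unusually long presence, and out-of-sequence access) can be checked mechanically when the access logs come from an automated badge system. The script below is an added example, not part of the NIST SP 800-171 or ITSP.10.171 text; it runs those checks over constructed badge-reader records. The CSV layout, badge ids, area names, the business-hours window, the per-badge baselines, the area nesting and every threshold are assumptions made for the illustration.

```python
"""Review of physical access logs for the indicators the discussion names:
access outside normal work hours, repeated access to areas a badge does not
normally use, unusually long presence in an area, and out-of-sequence access.

Added example, not part of the NIST SP 800-171 text. The log format, badge
ids, area names, work-hours window, per-badge baselines and every threshold
are assumptions made for this illustration.
"""
from collections import Counter
from datetime import datetime, time, timedelta

# Constructed sample records (not real data): "timestamp,badge,area,event".
SAMPLE_LOG = """\
2024-05-13T08:02:10,B1001,LOBBY,ENTER
2024-05-13T08:03:40,B1001,OFFICE,ENTER
2024-05-13T17:10:05,B1001,OFFICE,EXIT
2024-05-13T17:11:00,B1001,LOBBY,EXIT
2024-05-13T08:15:00,B2002,LOBBY,ENTER
2024-05-13T08:16:30,B2002,SERVER_ROOM,ENTER
2024-05-13T08:40:00,B2002,SERVER_ROOM,EXIT
2024-05-13T18:00:00,B2002,LOBBY,EXIT
2024-05-13T23:30:00,B1001,LOBBY,ENTER
2024-05-13T23:31:00,B1001,SERVER_ROOM,ENTER
2024-05-14T03:31:00,B1001,SERVER_ROOM,EXIT
2024-05-14T07:30:00,B1001,SERVER_ROOM,ENTER
2024-05-14T07:35:00,B1001,SERVER_ROOM,EXIT
2024-05-14T09:00:00,B3003,SERVER_ROOM,ENTER
2024-05-14T09:05:00,B3003,SERVER_ROOM,EXIT
"""

WORK_START, WORK_END = time(7, 0), time(19, 0)        # assumed business hours, Mon-Fri
BASELINE = {                                           # assumed areas each badge normally uses
    "B1001": {"LOBBY", "OFFICE"},
    "B2002": {"LOBBY", "SERVER_ROOM"},
    "B3003": {"LOBBY", "OFFICE"},
}
PARENT_AREA = {"OFFICE": "LOBBY", "SERVER_ROOM": "LOBBY"}  # assumed nesting: inner area needs outer first
DWELL_LIMIT = {"SERVER_ROOM": timedelta(hours=1)}      # assumed maximum stay per area
REPEAT_THRESHOLD = 2                                   # off-baseline entries before it is flagged


def parse_log(text):
    """Parse CSV-style lines into (timestamp, badge, area, event) tuples, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, area, event = line.split(",")
        records.append((datetime.fromisoformat(ts), badge, area, event))
    return sorted(records, key=lambda r: r[0])


def is_after_hours(ts):
    """True on weekends or outside the WORK_START..WORK_END window."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)


def review_access_log(text):
    """Return findings grouped by the four indicator types."""
    findings = {"after_hours": [], "unusual_area": [], "long_dwell": [], "out_of_sequence": []}
    inside = {}        # badge -> set of areas the badge is currently inside
    entered_at = {}    # (badge, area) -> timestamp of the still-open ENTER
    off_baseline = Counter()

    for ts, badge, area, event in parse_log(text):
        stamp = ts.isoformat()
        if is_after_hours(ts):
            findings["after_hours"].append(f"{stamp} {badge} {event} {area}")

        areas = inside.setdefault(badge, set())
        if event == "ENTER":
            if area not in BASELINE.get(badge, set()):
                off_baseline[(badge, area)] += 1
            parent = PARENT_AREA.get(area)
            # Entering an inner area without being in its parent, or re-entering
            # an area never exited, is out-of-sequence (anti-passback style check).
            if (parent and parent not in areas) or area in areas:
                findings["out_of_sequence"].append(f"{stamp} {badge} ENTER {area} without valid prior entry")
            areas.add(area)
            entered_at[(badge, area)] = ts
        elif event == "EXIT":
            if area not in areas:
                findings["out_of_sequence"].append(f"{stamp} {badge} EXIT {area} without matching ENTER")
            areas.discard(area)
            start = entered_at.pop((badge, area), None)
            limit = DWELL_LIMIT.get(area)
            if start and limit and ts - start > limit:
                findings["long_dwell"].append(f"{badge} stayed in {area} for {ts - start} from {start.isoformat()}")

    for (badge, area), n in off_baseline.items():
        if n >= REPEAT_THRESHOLD:
            findings["unusual_area"].append(f"{badge} entered {area} {n} times; not in baseline")
    return findings


if __name__ == "__main__":
    for kind, items in review_access_log(SAMPLE_LOG).items():
        print(f"[{kind}] {len(items)} finding(s)")
        for item in items:
            print("   ", item)
```

Each finding category maps to one of the determination statements' review triggers: the scheduled review (ODP[01]) would run the whole script over the period's export, while the event-driven review (ODP[02]) would be fed by any single category producing output. The sorting step matters because exports from multiple readers are rarely in time order, and the sequence and dwell checks only work on a correctly ordered stream.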
Assessment Methods and Objectives
Examine [SELECT FROM: physical protection policy and procedures; procedures for physical access monitoring; physical access logs or records; physical access monitoring records; physical access log reviews; system security plan; other relevant documents or records]
Interview [SELECT FROM: personnel with physical access monitoring responsibilities; personnel with incident response responsibilities; personnel with information security responsibilities]
Test [SELECT FROM: processes for monitoring physical access; mechanisms for supporting or implementing physical access monitoring; mechanisms for supporting or implementing the review of physical access logs]
NIST SP 800-171A r3 Determining Statements
Determine if:
A.03.10.02.ODP[01]: the frequency at which to review physical access logs is defined.
A.03.10.02.ODP[02]: events or potential indications of events requiring physical access logs to be reviewed are defined.
A.03.10.02.a[01]: physical access to the facility where the system resides is monitored to detect physical security incidents.
A.03.10.02.a[02]: physical security incidents are responded to.
A.03.10.02.b[01]: physical access logs are reviewed <A.03.10.02.ODP[01]: frequency>.
A.03.10.02.b[02]: physical access logs are reviewed upon occurrence of <A.03.10.02.ODP[02]: events or potential indications of events>.