CMMC 1.0 Practice PE.1.134 Requirement:

Control and manage physical access devices.

CMMC 1.0 PE.1.134 Requirement Explanation:

A physical access device is something that grants access to a physical location. This can include a traditional key, an RFID card, or a PIN code. Limiting who receives physical access devices is critical for controlling access to your facilities.

Example CMMC 1.0 PE.1.134 Implementation:

Only provide physical access devices to people who need permanent or extended access to your facilities. Physical access devices include keys to doors, smart cards, and PIN codes. When a person with physical access to your facilities no longer needs access (e.g., they get fired), you need to take possession of their keys and smart cards. If they accessed your facilities using a PIN code, change the PIN codes. Changing locks that are opened with a traditional key is also a good idea, as keys can easily be copied.

CMMC 1.0 PE.1.134 Scenario(s):

- Scenario 1:

An employee at your company announces that his last day at work will be Tuesday. Before he leaves on Tuesday, his manager collects his RFID smart card to prevent him from accessing the facility.

- Scenario 2:

One of the IT staff members at your company will no longer be working from your company's facilities. Because he no longer needs access to the server room or company facilities, you collect his RFID card.
 
