NIST SP 800-171 & CMMC 2.0 3.10.4 Requirement:

Maintain audit logs of physical access.

NIST SP 800-171 & CMMC 2.0 3.10.4 Requirement Explanation:

Ensure that only authorized persons have accessed your facilities. You can detect suspicious activity by reviewing when someone has accessed your facilities. An example of suspicious access is an employee entering the office late at night.

Example NIST SP 800-171 & CMMC 2.0 3.10.4 Implementation:

Maintain a written or digital record of who has entered your company's facility. Require employees to sign in at a sign-in sheet when entering and exiting your facilities. You can alternatively install a key card entry system. This allows you to track when and where an employee has entered your facilities

NIST SP 800-171 & CMMC 2.0 3.10.4 Scenario(s):

- Scenario 1:

Your company installed a key card system at the entry to your facility. Only employees with a key card can enter. When an employee enters with a key card the id associated with their card and the time they accessed the facility is recorded.

- Scenario 2:

John receives a visitor to the office. His visitor signs in at reception and is given a visitor's badge. When the visitor leaves John escorts him to reception and has him sign out. John also takes possession of the visitor's badge.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More