NIST SP 800-171 & CMMC 2.0 3.10.5 Requirement:

Control and manage physical access devices.

NIST SP 800-171 & CMMC 2.0 3.10.5 Requirement Explanation:

A physical access device is something that grants access to a physical location. This can include a traditional key or a key card. Limiting who you provide physical access devices to is critical for controlling access to your facilities.

Example NIST SP 800-171 & CMMC 2.0 3.10.5 Implementation:

Only provide physical access devices to persons who need permanent or extended access to your facilities. Physical access devices include keys, key cards, and PIN codes. When a person with physical access to your facilities no longer needs access (e.g., they get fired), you need to take possession of their keys and smart cards. If they accessed your facilities using a PIN code, change the PIN codes. Maintain a list of keys and cards used to access your facilities.

NIST SP 800-171 & CMMC 2.0 3.10.5 Scenario(s):

- Scenario 1:

An employee at your company announces that his last day at work will be Tuesday. Before he leaves on Tuesday, his manager collects his key card to prevent him from accessing the facility.

- Scenario 2:

One of the IT staff members at your company will no longer be working from your company's facilities. Because he no longer needs access to the server room or company facilities, you collect his key card.
 
