Navigate

CCI-002910

CCI-002910 Definition

The organization approves a list of individuals with authorized access to the facility where the information system resides.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed formally approves a list of individuals currently authorized to access the facility where the information system resides.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the list of individuals currently authorized to access the facility where the information system resides and ensures it is formally approved.

Compelling Evidence

1.) Sample of approved facility requests 2.) List of authorized personnel

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002910.

Control	Description
PE-2	The organization: PE-2a.: Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides; PE-2b.: Issues authorization credentials for facility access; PE-2c.: Reviews the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and PE-2d.: Removes individuals from the facility access list when access is no longer required.

Control

Description

PE-2

The organization:

PE-2a.: Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides;

PE-2b.: Issues authorization credentials for facility access;

PE-2c.: Reviews the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and

PE-2d.: Removes individuals from the facility access list when access is no longer required.