CCI-002910

Implementation Guidance

Determine if: - a list of individuals with authorized access to the facility where the system resides has been developed. - the list of individuals with authorized access to the facility where the system resides has been approved. - the list of individuals with authorized access to the facility where the system resides has been maintained.

Validation Procedures

Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access authorizations; authorized personnel access list; authorization credentials; physical access list reviews; physical access termination records and associated documentation; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with physical access authorization responsibilities; organizational personnel with physical access to system facility; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for physical access authorizations; mechanisms supporting and/or implementing physical access authorizations].