CCI-002913

The organization restricts unescorted access to the facility where the information system resides to personnel with one or more of the following: security clearances for all information contained within the system; formal access authorizations for all information contained within the system; need for access to all information contained within the system; organization-defined credentials.

Implementation Guidance

The organization being inspected/assessed defines and documents the requirements that must be met before unescorted access to the facility where the information system resides will be granted. These requirements will be selected from: security clearances for all information contained within the system; formal access authorizations for all information contained within the system; need for access to all information contained within the system; credentials defined in PE-2 (3), CCI 2914. This requirement must be documented within the organization's physical security policy.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the physical security policy to ensure the organization being inspected/assessed has selected one or more of the physical security requirements that must be met before unescorted access to the facility where the information system resides is granted

Compelling Evidence

1.) PSP document which defines requirements needed for access, per CCI 2914

The controls below (if any) were marked by NIST as being related to CCI-002913.