CCI-000915

Defines the frequency with which to review the access list detailing authorized facility access by individuals.

Implementation Guidance

Determine if the access list detailing authorized facility access by individuals is reviewed [PE-02_ODP; frequency at which to review the access list detailing authorized facility access by individuals is defined].

Validation Procedures

Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access authorizations; authorized personnel access list; authorization credentials; physical access list reviews; physical access termination records and associated documentation; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with physical access authorization responsibilities; organizational personnel with physical access to system facility; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for physical access authorizations; mechanisms supporting and/or implementing physical access authorizations].

The controls below (if any) were marked by NIST as being related to CCI-000915.