CCI-000916

The organization authorizes physical access to the facility where the information system resides based on position or role.

Implementation Guidance

The organization being inspected/assessed must: 1. Develop and document a list of roles or positions that have access to the facility where the information system resides. 2. Identify and document personnel assigned to those roles. 3. Authorize and document access to the facility to personnel in identified roles

Validation Procedures

The organization conducting the inspection/assessment obtains and examines: 1. The list of roles or positions that have access to the facility where the information system resides. 2. The list of personnel assigned to those roles Recommended: 3. Access logs to verify access to the facility was authorized based on the appropriate roles and positions

Compelling Evidence

1.) List of roles, personnel assigned to those roles and access logs

The controls below (if any) were marked by NIST as being related to CCI-000916.