CCI-000928

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility where the information system resides at organization-defined physical spaces containing one or more components of the information system.

Implementation Guidance

The organization being inspected/assessed will provide documentation of additional physical access authorizations for the facility/facilities at physical spaces containing one or more components of the information system defined in PE-3 (1), CCI 2926. The organization will ensure that these controls are separate from, and independent of, the physical access controls established for the facility.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of additional physical access authorizations for the facility/facilities at physical spaces containing one or more components of the information system. The objective of the examination is to determine if the organization is enforcing additional physical access authorizations to areas of the facility at physical spaces containing one or more components of the information system defined in PE-3 (1), CCI 2926. These controls are independent of the physical access controls established for the facility.

Compelling Evidence

1.) List of additional physical access authorizations

The controls below (if any) were marked by NIST as being related to CCI-000928.