Navigate

PE-3 (1)

PE-3 (1): Information System Access

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [Assignment: organization-defined physical spaces containing one or more components of the information system].

Supplemental

This control enhancement provides additional physical security for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, data and communications centers).

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
Int-A, Int-B, Int-C

Related Controls

The controls below (if any) were marked by NIST as being related to PE-3 (1).

Control	Description
PS-2	The organization: PS-2a.: Assigns a risk designation to all organizational positions; PS-2b.: Establishes screening criteria for individuals filling those positions; and PS-2c.: Reviews and updates position risk designations [Assignment: organization-defined frequency].

Enhancements

The controls below (if any) add on to the requirements of PE-3 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to PE-3 (1).

CCI	Definition
CCI-000928	The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility where the information system resides at organization-defined physical spaces containing one or more components of the information system.
CCI-002926	The organization defines the physical spaces containing one or more components of the information system that require physical access authorizations and controls at the facility where the information system resides.