Navigate

PE-3(1)

PE-3(1): Information System Access

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [organization-defined physical spaces containing one or more components of the information system].

Supplemental

This control enhancement provides additional physical security for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, data and communications centers).

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to PE-3(1).

Control	Description
PS-2	The organization: a: Assigns a risk designation to all organizational positions; b: Establishes screening criteria for individuals filling those positions; and c: Reviews and updates position risk designations [organization-defined frequency].

Enhancements

The controls below (if any) add on to the requirements of PE-3(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to PE-3(1).

CCI	Definition
CCI-000928	Enforce physical access authorizations to the system in addition to the physical access controls for the facility where the system resides at organization-defined physical spaces containing one or more components of the system.
CCI-002926	Defines the physical spaces containing one or more components of the system that require physical access authorizations and controls at the facility where the system resides.