CMMC Requirement PE.L2-3.10.3 – Escort Visitors: Escort visitors and monitor visitor activity.
Links to Publicly Available Resources
- CMMC Level 1 Self-Assessment Guide
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
- FBI – Physical Protection Policy Sample
This example policy from the FBI provides guidance for personnel for the protection of Criminal Justice Information (CJI).
- ID Watchdog – Workplace Physical Security Is an Essential Component of Cybersecurity: 11 Ways to Better Protect People, Devices, and Data
This article describes how proper physical security provides additional protection people, devices, and data.
- Pearson – Physical and Environmental Security
This abstract, derived from the book "Developing Cybersecurity Programs and Policies, 3rd Edition", provides guidance on how to develop and implement physical controls through policy and practice.
- SANS Whitepaper – Physical Security and Why It Is Important
This SANS whitepaper provides a broad overview of the importance of physical security as it intersects with cybersecurity.
Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.
Further Discussion
Do not allow visitors, even those people you know well, to walk around your facility without an escort. Make sure that all non-employees wear special visitor badges and/or are escorted by an employee at all times while on the property.