CMMC Practice PE.L1-3.10.3 – Escort Visitors: Escort visitors and monitor visitor activity.
Links to Publicly Available Resources
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
This article describes how proper physical security provides additional protection for people, devices, and data.
This abstract, derived from the book "Developing Cybersecurity Programs and Policies, 3rd Edition", provides guidance on how to develop and implement physical controls through policy and practice.
This SANS whitepaper provides a broad overview of the importance of physical security as it intersects with cybersecurity.
This example policy from the State of Michigan provides guidance for personnel for the protection of Criminal Justice Information (CJI).
Discussion [NIST SP 800-171 R2]
Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.
Further Discussion
Do not allow visitors, even those people you know well, to walk around your facility without an escort. Make sure that all non-employees wear special visitor badges and/or are escorted by an employee at all times while on the property.