CMMC Practice PE.L2-3.10.2 – Monitor Facility: Protect and monitor the physical facility and support infrastructure for organizational systems.
Links to Publicly Available Resources
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This SANS whitepaper provides a broad overview of the importance of physical security as it intersects with cybersecurity. This example policy from the State of Michigan provides guidance for personnel for the protection of Criminal Justice Information (CJI). This video gives a brief introduction to various physical security control methods that can be deployed in your environment.
Discussion [NIST SP 800-171 R2]
Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors.
Further Discussion
The infrastructure inside of a facility, such as power and network cables, is protected so that visitors and unauthorized employees cannot access it. The protection is also monitored by security guards, video cameras, sensors, or alarms.