CMMC Requirement PE.L2-3.10.3 – Escort Visitors: Escort visitors and monitor visitor activity.
Links to Publicly Available Resources
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides physical security guidance and how to report suspicious behavior and activity. This example policy from the FBI provides guidance for personnel for the protection of Criminal Justice Information (CJI). This document provides physical security guidance specific to small businesses. The article provides the risks associated with physical security and guidance on securing physical devices. This article describes how proper physical security provides additional protection people, devices, and data. This guide is intended to provide small and medium-sized organizations with guidance for using Microsoft 365 (M365) to satisfy the Cybersecurity Maturity Model Certification (CMMC) Level 1 requirements. This abstract, derived from the book "Developing Cybersecurity Programs and Policies, 3rd Edition", provides guidance on how to develop and implement physical controls through policy and practice. This SANS whitepaper provides a broad overview of the importance of physical security as it intersects with cybersecurity.
Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.
Further Discussion
Do not allow visitors, even those people you know well, to walk around your facility without an escort. Make sure that all non-employees wear special visitor badges and/or are escorted by an employee at all times while on the property.