CMMC 1.0 Practice PE.1.133 Requirement:

Maintain audit logs of physical access.

CMMC 1.0 PE.1.133 Requirement Explanation:

Ensure that only authorized persons have accessed your facilities. You can detect suspicious activity by reviewing when someone has accessed your facilities. An example of suspicious access is an employee entering the office late at night.

Example CMMC 1.0 PE.1.133 Implementation:

Maintain a written or digital record of who has entered your company's facility (e.g. your office). Require visitors to sign in at a sign in sheet when entering and exiting your facilities. Record employee access by securing doors with smart card readers. This allows you to track when and where an employee has entered your facilities.

CMMC 1.0 PE.1.133 Scenario(s):

- Scenario 1:

Your company installed a smart card system at the entry to your facility. Now only employees with a key card can enter. When an employee enters with a key card the id associated with their card and the time they accessed the facility is recorded. This allows for access logs to be periodically reviewed.

- Scenario 2:

John receives a visitor to the office. His visitor signs in at reception and is given a visitors badge. When the visitor leaves John escorts him to reception and has him sign out. John also takes possession of the visitors badge.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More