CMMC 1.0 Practice PE.1.131 Requirement:

Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

CMMC 1.0 PE.1.131 Requirement Explanation:

Controlling access to your facilities and devices reduces the likelihood of a security incident. Locked doors and locked containers prevent information from being accessed, stolen or destroyed.

Example CMMC 1.0 PE.1.131 Implementation:

- Prevent unauthorized persons from accessing your company's facilities.
- Prevent unauthorized persons from physically accessing devices used to support DoD projects. This includes workstations, servers, network devices, printers and fax machines.
- Determine which areas of your facility are non-sensitive (e.g. the lobby).
- Determine which areas are sensitive. Sensitive areas include your server room and places where you work on DoD contracts.
- Install smart card readers on doors leading to sensitive areas in your facility.
- Only provide smart cards to authorized persons.
- Provide your employees with ID cards to distinguish them from visitors.
- Limit physical access to your devices.
- Keep your servers and network devices in a locked room (e.g. server room).
- Keep hard drives containing “Federal Contract Information” (FCI) or “Controlled Unclassified Information” (CUI) in locked containers.
- Keep paperwork containing “Federal Contract Information” (FCI) or “Controlled Unclassified Information” (CUI) in locked cabinets.
- Place printers and fax machines that print “Federal Contract Information” (FCI) or “Controlled Unclassified Information” (CUI) in areas that can only be accessed by authorized persons.

CMMC 1.0 PE.1.131 Scenario(s):

- Scenario 1:

Jim installs a smart card reader at the entrance of his company's office and at the door to the server room. He provides each employee with a smart card to access the office. He provides authorized members of the IT team access to the server room.
 
