CMMC 1.0 Practice PE.1.133 Requirement:

Maintain audit logs of physical access.

CMMC 1.0 PE.1.133 Requirement Explanation:

Ensure that only authorized persons have accessed your facilities. You can detect suspicious activity by reviewing when someone has accessed your facilities. An example of suspicious access is an employee entering the office late at night.

Example CMMC 1.0 PE.1.133 Implementation:

Maintain a written or digital record of who has entered your company's facility (e.g. your office). Require visitors to sign in at a sign in sheet when entering and exiting your facilities. Record employee access by securing doors with smart card readers. This allows you to track when and where an employee has entered your facilities.

CMMC 1.0 PE.1.133 Scenario(s):

- Scenario 1:

Your company installed a smart card system at the entry to your facility. Now only employees with a key card can enter. When an employee enters with a key card the id associated with their card and the time they accessed the facility is recorded. This allows for access logs to be periodically reviewed.

- Scenario 2:

John receives a visitor to the office. His visitor signs in at reception and is given a visitors badge. When the visitor leaves John escorts him to reception and has him sign out. John also takes possession of the visitors badge.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.