CMMC 1.0 Practice PE.1.134 Requirement:

Control and manage physical access devices.

CMMC 1.0 PE.1.134 Requirement Explanation:

A physical access device is something that grants access to a physical location. This can include a traditional key, an RFID card, or a pin code. Limiting who you provide physical access devices to is critical for controlling access to your facilities.

Example CMMC 1.0 PE.1.134 Implementation:

Only provide physical access devices to persons that need permanent or extended access to your facilities. Physical access devices include keys to doors, smart cards, and pin codes. When a person with physical access to your facilities no longer needs access (e.g. they get fired) you need to take possession of their keys and smart cards. If they accessed your facilities using a pin code change the pin codes. Changing locks that are opened with a traditional key is also a good idea as keys can easily be copied.

CMMC 1.0 PE.1.134 Scenario(s):

- Scenario 1:

An employee at your company announces that his last day at work will be Tuesday. Before he leaves on Tuesday his manager collects his RFID smart card to prevent him from accessing the facility.

- Scenario 2:

One of the IT staff members at your company will no longer be working from your company's facilities. Because he no longer needs access to the server room or company facilities you collect his RFID card.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.