NIST SP 800-171 & CMMC 2.0 Control 3.10.1 Requirement:
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
NIST SP 800-171 & CMMC 2.0 3.10.1 Requirement Explanation:
Physical security controls protect information and systems from being accessed by unauthorized persons.
Example NIST SP 800-171 & CMMC 2.0 3.10.1 Implementation:
Prevent unauthorized persons from accessing your company's facilities. Prevent unauthorized persons from physically accessing devices used to support DoD projects. This includes workstations, servers, network devices, printers, and fax machines. Determine which areas of your facility are non-sensitive (e.g., the lobby). Determine which areas of your facility are sensitive. Sensitive areas include your server room and places where your work on DoD contracts. Install locks on doors leading to sensitive areas in your facility. Only provide keys to authorized persons. Provide your employees with ID cards to distinguish them from visitors. . Keep your servers and network devices in a locked room or closet (e.g., server room). Keep hard drives containing “Controlled Unclassified Information” (CUI) in locked containers. Keep paperwork containing “Controlled Unclassified Information” (CUI) in locked cabinets. Place printers and fax machines that print “Controlled Unclassified Information” (CUI) in areas that can only be accessed by authorized persons.
NIST SP 800-171 & CMMC 2.0 3.10.1 Scenario(s):
- Scenario 1:
Jim installs a smart card reader at the entrance of his company's office and at the door to the server room. He provides each employee with a smart card to access the office. He provides authorized members of the IT team access to the server room.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.