NIST SP 800-171 & CMMC 2.0 Control 3.10.5 Requirement:

Control and manage physical access devices.

NIST SP 800-171 & CMMC 2.0 3.10.5 Requirement Explanation:

A physical access device is something that grants access to a physical location. This can include a traditional key or a key card. Limiting who you provide physical access devices to is critical for controlling access to your facilities.

Example NIST SP 800-171 & CMMC 2.0 3.10.5 Implementation:

Only provide physical access devices to persons that need permanent or extended access to your facilities. Physical access devices include keys, key cards, and pin codes. When a person with physical access to your facilities no longer needs access (e.g. they get fired) you need to take possession of their keys and smart cards. If they accessed your facilities using a pin code change the pin codes. Maintain a list of keys and cards used to access your facilities.

NIST SP 800-171 & CMMC 2.0 3.10.5 Scenario(s):

- Scenario 1:

An employee at your company announces that his last day at work will be Tuesday. Before he leaves on Tuesday his manager collects his key card to prevent him from accessing the facility.

- Scenario 2:

One of the IT staff members at your company will no longer be working from your company's facilities. Because he no longer needs access to the server room or company facilities you collect his key card.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.