PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk

Subcategory is new to this version of the framework and incorporates the following items from the previous version: PR.AC-2: Physical access to assets is managed and protected, PR.PT-4: Communications and control networks are protected.


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Use security guards, security cameras, locked entrances, alarm systems, and other physical controls to monitor facilities and restrict access

Ex2: Employ additional physical security controls for areas that contain high-risk assets

Ex3: Escort guests, vendors, and other third parties within areas that contain business-critical assets