PE-3(1): Information System Access

CSF v1.1 References:

Threats Addressed:


  • High

Next Version:

Control Statement

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [Assignment: organization-defined physical spaces containing one or more components of the information system].

Supplemental Guidance

This control enhancement provides additional physical security for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, data and communications centers).