PE-3(1): Information System Access

Control Family:

Physical And Environmental Protection

Parent Control:

PE-3: Physical Access Control

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-2
DE.CM-2
DE.CM-7
DE.DP-3

Threats Addressed:

Spoofing
Repudiation

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
PE-3(1): System Access

Control Statement

The organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility at [Assignment: organization-defined physical spaces containing one or more components of the information system].

Supplemental Guidance

This control enhancement provides additional physical security for those areas within facilities where there is a concentration of information system components (e.g., server rooms, media storage areas, data and communications centers).