PE-8: Visitor Access Records

CSF v1.1 References:

CSF v2.0 References:

PF v1.0 References:

Threats Addressed:


Previous Version:

Control Statement

  1. Maintain visitor access records to the facility where the system resides for [Assignment: organization-defined time period];
  2. Review visitor access records [Assignment: organization-defined frequency]; and
  3. Report anomalies in visitor access records to [Assignment: organization-defined personnel].

Supplemental Guidance

Visitor access records include the names and organizations of individuals visiting, visitor signatures, forms of identification, dates of access, entry and departure times, purpose of visits, and the names and organizations of individuals visited. Access record reviews determine if access authorizations are current and are still required to support organizational mission and business functions. Access records are not required for publicly accessible areas.

Control Enhancements