Organizational Control: Physical Access Authorizations

Control ID: PE-2 Physical Access Authorizations Family: Physical and Environmental Protection Source: NIST 800-53r4
Control: The organization:
  1. Develops, approves, and maintains a list of individuals with authorized access to the facility where the information system resides;
  2. Issues authorization credentials for facility access;
  3. Reviews the access list detailing authorized facility access by individuals [Assignment: organization-defined frequency]; and
  4. Removes individuals from the facility access list when access is no longer required.
Supplemental Guidance:
This control applies to organizational employees and visitors. Individuals (e.g., employees, contractors, and others) with permanent physical access authorization credentials are not considered visitors. Authorization credentials include, for example, badges, identification cards, and smart cards. Organizations determine the strength of authorization credentials needed (including level of forge-proof badges, smart cards, or identification cards) consistent with federal standards, policies, and procedures. This control only applies to areas within facilities that have not been designated as publicly accessible.

Related Controls: PE-3, PE-4, PS-3
Control Enhancements: N/A
References: N/A
Mechanisms:
Protocol Implementation Conformance Statements: N/A