Family 3.10 · 6 requirements
Physical Security.
Walls, doors, badges. And the people inside.
The big picture
Cloud-only ops still need physical security for the offices where CUI is viewed, edited, and discussed.
Theme 1
Authorise and monitor.
3.10.1 — 3.10.2 · Limiting physical access to authorised individuals and protecting the support infrastructure.
- 3.10.1 Lock the Doors. PE.L1-3.10.1 · Limit Physical Access. Limit physical access to CUI systems, equipment, and operating environments to authorized individuals.
- 3.10.2 Watch the Building. PE.L2-3.10.2 · Monitor Facility. Protect and monitor the physical facility and support infrastructure — cameras, alarms, environmental controls.
Theme 2
Escort and log.
3.10.3 — 3.10.5 · Escorting visitors, monitoring activity, and maintaining logs of physical access.
- 3.10.3 Escort Every Visitor. PE.L1-3.10.3 · Escort Visitors. Visitors escorted and monitored at all times in CUI areas. Sign-in, badges, no exceptions.
- 3.10.4 Log Physical Access. PE.L1-3.10.4 · Physical Access Logs. Maintain audit logs of who accessed secured CUI areas and when.
- 3.10.5 Manage Keys and Badges. PE.L1-3.10.5 · Manage Physical Access. Inventory and control all physical access devices — keys, badges, cards, combinations.
Theme 3
Remote and mobile sites.
3.10.6 only · Enforcing safeguards at alternate work sites — home offices and field locations.