Access Control (AC)
Audit & Accountability (AU)
Awareness & Training (AT)
Configuration Management (CM)
Identification & Authentication (IA)
Incident Response (IR)
Maintenance (MA)
Media Protection (MP)
Personnel Security (PS)
Physical Protection (PE)
Risk Assessment (RA)
Security Assessment (CA)
Systems & Communications Protection (SC)
System & Information Integrity (SI)
DOMAIN: Physical Protection
Practice: PE.L2-3.10.2
CAPABILITY: C028 Limit Physical access
Protect and monitor the physical facility and support infrastructure for organizational systems.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Policy and procedure related to physical and environmental protection, to determine what types of physical security access and monitoring controls are in place, such as key card systems, guards, locks, or manual logging.
· Physical security access logs and reports of actual or investigated physical security incidents.
Each system (manual or logical) may be subject to the review of logs and procedures to ensure that the controls do provide a capability for detection and response to physical security incidents.
Practice: PE.L2-3.10.6
CAPABILITY: C028 Limit Physical access
Enforce safeguarding measures for CUI at alternate work sites.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· Policy and procedures addressing alternate work sites and the inspection of remote locations to ensure that security requirements for remote locations are implemented and operating as intended.
· Inventories of approved alternate work sites including employees working from residences and hotels.
Copyright © 2022 Celerium. All Rights Reserved.