NIST 800-171 • LEVEL 2 • PHYSICAL PROTECTION

3.10.2Monitoring Physical Access

Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. Review physical access logs {{ insert: param, A.03.10.02.ODP.01 }} and upon occurrence of {{ insert: param, A.03.10.02.ODP.02 }}.

CMMC Practice Mapping

NIST 800-53 Controls

PE-2

Assessment Objectives

  • physical access to the facility where the system resides is monitored to detect physical security incidents.
  • physical security incidents are responded to.
  • physical access logs are reviewed {{ insert: param, A.03.10.02.ODP.01 }} .
  • physical access logs are reviewed upon occurrence of {{ insert: param, A.03.10.02.ODP.02 }}.

Practitioner Notes

It is not enough to control who can enter — you also need to watch what is happening. This means monitoring entry points and reviewing the logs for anything unusual.

Example 1: Install security cameras at all entry and exit points to your server room and CUI processing areas. Use a system like Verkada, Axis, or Milestone XProtect that provides motion-triggered recording and at least 30 days of retention. Position cameras so they capture faces at door-height, not just the tops of heads.

Example 2: Configure your badge access system to generate alerts for anomalous events — such as access attempts outside business hours, repeated failed badge reads, or tailgating detection (door held open too long). Review physical access logs weekly or after any security incident. Most access control platforms (LenelS2, Genetec, etc.) can email alerts automatically to your security team.

Related NIST 800-171 Requirements

3.10.1 Physical Access Authorizations 3.10.3 Escort Visitors and Monitor Visitor Activity 3.10.4 Maintain Audit Logs of Physical Access 3.10.5 Control and Manage Physical Access Devices