NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION
PE-3(8) — Access Control Vestibules
Employ access control vestibules at {{ insert: param, pe-03.08_odp }}.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
An access control vestibule is part of a physical access control system that typically provides a space between two sets of interlocking doors. Vestibules are designed to prevent unauthorized individuals from following authorized individuals into facilities with controlled access. This activity, also known as piggybacking or tailgating, results in unauthorized access to the facility. Interlocking door controllers can be used to limit the number of individuals who enter controlled access points and to provide containment areas while authorization for physical access is verified. Interlocking door controllers can be fully automated (i.e., controlling the opening and closing of the doors) or partially automated (i.e., using security guards to control the number of individuals entering the containment area).
Practitioner Notes
Access control vestibules — also called mantraps or airlocks — are small rooms between two interlocking doors where only one door can be open at a time. They prevent tailgating and piggybacking into secured areas.
Example 1: Install an access control vestibule at the entrance to your server room or data center. Configure it so the outer door must close and lock before the inner door will open. Require badge authentication at both doors to prevent unauthorized entry.
Example 2: For existing facilities where a physical vestibule is not practical, implement an anti-tailgating system using optical turnstiles with sensors that detect when more than one person passes per badge swipe. Alert security when tailgating is detected.