NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-5Access Control for Output Devices

Control physical access to output from {{ insert: param, pe-05_odp }} to prevent unauthorized individuals from obtaining the output.

CMMC Practice Mapping

NIST 800-171 Mapping

Related Controls

Supplemental Guidance

Controlling physical access to output devices includes placing output devices in locked rooms or other secured areas with keypad or card reader access controls and allowing access to authorized individuals only, placing output devices in locations that can be monitored by personnel, installing monitor or screen filters, and using headphones. Examples of output devices include monitors, printers, scanners, audio devices, facsimile machines, and copiers.

Practitioner Notes

Output devices — printers, monitors, fax machines, audio devices — produce data that anyone nearby can see or hear. You need to control physical access to prevent unauthorized people from viewing or taking printed output.

Example 1: Place printers in areas accessible only to authorized personnel — not in public hallways or reception areas. Enable pull printing (also called follow-me printing) using a solution like PaperCut, Pharos, or the printer's built-in feature, so documents only print when the user authenticates at the printer.

Example 2: Position monitors so they face away from windows and walkways. Install privacy screens on monitors in shared workspaces. For fax machines receiving sensitive documents, place them in a locked room and assign someone to retrieve and distribute incoming faxes promptly.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification