NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-5(2)Link to Individual Identity

Link individual identity to receipt of output from output devices.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Methods for linking individual identity to the receipt of output from output devices include installing security functionality on facsimile machines, copiers, and printers. Such functionality allows organizations to implement authentication on output devices prior to the release of output to individuals.

Practitioner Notes

This enhancement links each piece of output to the individual who produced it, creating accountability. If a sensitive document is found in the wrong place, you can trace it back to who printed it.

Example 1: Enable print logging on your print server that records the username, document name, printer used, and timestamp for every print job. In Windows, enable Audit Object Access on the print server or use a print management tool like PaperCut to maintain detailed logs.

Example 2: Configure printers to stamp a user ID or watermark on printed output. Some enterprise printers support automatic header/footer insertion with the username and date. This makes every printed page traceable to the individual who printed it.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification