NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION
PE-6 — Monitoring Physical Access
Monitor physical access to the facility where the system resides to detect and respond to physical security incidents; Review physical access logs {{ insert: param, pe-06_odp.01 }} and upon occurrence of {{ insert: param, pe-06_odp.02 }} ; and Coordinate results of reviews and investigations with the organizational incident response capability.
Supplemental Guidance
Physical access monitoring includes publicly accessible areas within organizational facilities. Examples of physical access monitoring include the employment of guards, video surveillance equipment (i.e., cameras), and sensor devices. Reviewing physical access logs can help identify suspicious activity, anomalous events, or potential threats. The reviews can be supported by audit logging controls, such as [AU-2](#au-2) , if the access logs are part of an automated system. Organizational incident response capabilities include investigations of physical security incidents and responses to the incidents. Incidents include security violations or suspicious physical access activities. Suspicious physical access activities include accesses outside of normal work hours, repeated accesses to areas not normally accessed, accesses for unusual lengths of time, and out-of-sequence accesses.
Practitioner Notes
You need to monitor who is physically entering and leaving your facility and the areas where your systems are located. This means access logs, cameras, guards, or a combination — and someone needs to actually review the records.
Example 1: Configure your badge access system to log all entry and exit events. Review access logs weekly for anomalies — access during unusual hours, repeated denied access attempts, or access by individuals no longer authorized. Investigate and document any anomalies found.
Example 2: Install security cameras at all facility entry points, server room doors, and loading docks. Store recordings for at least 90 days. When an access anomaly is detected in badge logs, cross-reference with camera footage to identify the individual and their activities.