NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-8(1)Automated Records Maintenance and Review

Maintain and review visitor access records using {{ insert: param, pe-8.1_prm_1 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Visitor access records may be stored and maintained in a database management system that is accessible by organizational personnel. Automated access to such records facilitates record reviews on a regular basis to determine if access authorizations are current and still required to support organizational mission and business functions.

Practitioner Notes

This enhancement requires automated systems to maintain and review visitor access records, replacing or augmenting manual sign-in books with electronic systems.

Example 1: Deploy a digital visitor management system (Envoy, Traction Guest, or HID Visitor Manager) that integrates with your badge system. The system automatically logs entry and exit times, generates daily visitor reports, and alerts security to visitors who overstay their appointment.

Example 2: Configure automated weekly reports from your visitor management system that summarize total visitors, repeat visitors, areas accessed, and any anomalies (unsigned checkouts, off-hours visits). Send these reports to your security manager for review and file them in your compliance records.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification