← All Domains

PE — Physical Protection

new org

SPRS Score: -1203

Objective Progress 0 / 16 (0.0%)
CMMC Practices MET 0 / 6
Domain Score Impact -14

CMMC scoring changes when all assessment objectives for a practice are MET; objective progress updates as each objective is assessed.

PE.L2-3.10.1 DoD Weight: 5 Deduction: -5 Basic
Not Yet Assessed
Requirement: Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.1[a] = Not Yet Assessed; 3.10.1[b] = Not Yet Assessed; 3.10.1[c] = Not Yet Assessed; 3.10.1[d] = Not Yet Assessed

Assessment Objectives (4)

  • 3.10.1[a]
    Determine if: authorized individuals allowed physical access are identified.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.1[b]
    Determine if: physical access to organizational systems is limited to authorized individuals.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.1[c]
    Determine if: physical access to equipment is limited to authorized individuals.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.1[d]
    Determine if: physical access to operating environments is limited to authorized individuals.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access authorizations; security plan; authorized personnel access list; authorization credentials; physical access list reviews; physical access termination records and associated documentation; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access authorization responsibilities; personnel with physical access to system facility; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for physical access authorizations; mechanisms supporting or implementing physical access authorizations].
PE.L2-3.10.2 DoD Weight: 5 Deduction: -5 Basic
Not Yet Assessed
Requirement: Protect and monitor the physical facility and support infrastructure for organizational systems.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.2[a] = Not Yet Assessed; 3.10.2[b] = Not Yet Assessed; 3.10.2[c] = Not Yet Assessed; 3.10.2[d] = Not Yet Assessed

Assessment Objectives (4)

  • 3.10.2[a]
    Determine if: the physical facility where that system resides is protected.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.2[b]
    Determine if: the support infrastructure for that system is protected.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.2[c]
    Determine if: the physical facility where that system resides is monitored.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.2[d]
    Determine if: the support infrastructure for that system is monitored.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access monitoring; security plan; physical access logs or records; physical access monitoring records; physical access log reviews; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access monitoring responsibilities; personnel with incident response responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for monitoring physical access; mechanisms supporting or implementing physical access monitoring; mechanisms supporting or implementing the review of physical access logs].
PE.L2-3.10.3 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Escort visitors and monitor visitor activity.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.3[a] = Not Yet Assessed; 3.10.3[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.10.3[a]
    Determine if: visitors are escorted.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.3[b]
    Determine if: visitor activity is monitored.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; security plan; physical access control logs or records; inventory records of physical access control devices; system entry and exit points; records of key and lock combination changes; storage locations for physical access control devices; physical access control devices; list of security safeguards controlling access to designated publicly accessible areas within facility; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access control responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for physical access control; mechanisms supporting or implementing physical access control; physical access control devices].
PE.L2-3.10.4 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Maintain audit logs of physical access.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.4 = Not Yet Assessed

Assessment Objectives (1)

  • 3.10.4
    Determine if: audit logs of physical access are maintained.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; security plan; physical access control logs or records; inventory records of physical access control devices; system entry and exit points; records of key and lock combination changes; storage locations for physical access control devices; physical access control devices; list of security safeguards controlling access to designated publicly accessible areas within facility; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access control responsibilities; personnel with information security responsibilities
Test: [SELECT FROM: Organizational processes for physical access control; mechanisms supporting or implementing physical access control; physical access control devices].
PE.L2-3.10.5 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Control and manage physical access devices.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.5[a] = Not Yet Assessed; 3.10.5[b] = Not Yet Assessed; 3.10.5[c] = Not Yet Assessed

Assessment Objectives (3)

  • 3.10.5[a]
    Determine if: physical access devices are identified.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.5[b]
    Determine if: physical access devices are controlled.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.5[c]
    Determine if: physical access devices are managed.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; security plan; physical access control logs or records; inventory records of physical access control devices; system entry and exit points; records of key and lock combination changes; storage locations for physical access control devices; physical access control devices; list of security safeguards controlling access to designated publicly accessible areas within facility; other relevant documents or records].
Interview: [SELECT FROM: Personnel with physical access control responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for physical access control; mechanisms supporting or implementing physical access control; physical access control devices].
PE.L2-3.10.6 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Enforce safeguarding measures for CUI at alternate work sites.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.10.6[a] = Not Yet Assessed; 3.10.6[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.10.6[a]
    Determine if: safeguarding measures for CUI are defined for alternate work sites.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.10.6[b]
    Determine if: safeguarding measures for CUI are enforced for alternate work sites.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Physical and environmental protection policy; procedures addressing alternate work sites for personnel; security plan; list of safeguards required for alternate work sites; assessments of safeguards at alternate work sites; other relevant documents or records].
Interview: [SELECT FROM: Personnel approving use of alternate work sites; personnel using alternate work sites; personnel assessing controls at alternate work sites; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for security at alternate work sites; mechanisms supporting alternate work sites; safeguards employed at alternate work sites; means of communications between personnel at alternate work sites and security personnel].