Description
The organization controls physical access to the information system by authenticating visitors before authorizing access to the facility where the information system resides other than areas designated as publicly accessible.
Supplemental Guidance
Government contractors and others with permanent authorization credentials are not considered visitors. Personal Identity Verification (PIV) credentials for federal employees and contractors conform to FIPS 201, and the issuing organizations for the PIV credentials are accredited in accordance with the provisions of NIST Special Publication 800-79.
Enhancements
(1) The organization escorts visitors and monitors visitor activity, when required.
Compliance Mappings
ISO 27001:2022
A.7.6
ISO 27002:2022
7.2, 7.6
COBIT 2019
DSS01, DSS05
PCI DSS v4.0.1
9.2, 9.3
BSI IT-Grundschutz
INF.1, INF.2
ANSSI
Hygiene.37, SecNumCloud.12.2
OSFI B-13
B-13.3.2
BIO2
7.2, 7.6
FISC Security Guidelines
FISC.F1
HKMA TM-E-1
TME1.5.1
DNB Good Practice
DNB.21.2
UAE IA
T6
CBB TM
TM-10
Qatar NIA
PS
CBE CSF
CTO-10
BoG CISD
CISD-XIV
BoM CTRM
3.5
FFIEC IS
II.C.8
HIPAA Security Rule
§164.310(a)(1)
CMMC 2.0
PE
HITRUST CSF v11
08.a
ISO 27799
11.1
ISO 17799 (legacy)
9.1.2
COBIT 4.1 (legacy)
DS12.3