Description
The organization maintains visitor access records to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible) that includes: (i) name and organization of the person visiting; (ii) signature of the visitor; (iii) form of identification; (iv) date of access; (v) time of entry and departure; (vi) purpose of visit; and (vii) name and organization of person visited. Designated officials within the organization review the visitor access records [Assignment: organization-defined frequency].
Supplemental Guidance
None.
Changes from Rev 4
Requires the reporting of anomalies in visitor access records to specified personnel. Discussion amplifies the benefit of reviewing access records.
Compliance Mappings
ISO 27001:2022
A.7.2, A.7.4
ISO 27002:2022
7.2, 7.4
COBIT 2019
DSS01, DSS05
NIST CSF 2.0
PR.AA-06
PCI DSS v4.0.1
9.2, 9.3
CSA CCM v4
DCS-10
CSA AICM v1
DCS-10
BSI IT-Grundschutz
INF.1, INF.2
ANSSI
Hygiene.37, SecNumCloud.12.2
FINMA Circular 2023/1
IV.C(66)
OSFI B-13
B-13.3.2, B-13.3.3
EU GDPR
Art.32(1)(b)
BIO2
7.2, 7.4
RBI CSF
Annex1.3, ITGRCA.18
FISC Security Guidelines
FISC.F1
HKMA TM-E-1
TME1.5.1
MLPS 2.0
8.1.1.2, 8.1.8.3
DNB Good Practice
DNB.21.1, DNB.21.2
SWIFT CSCF
SWIFT.3.1
SAMA CSF
3.7
NCA ECC
1-11
UAE IA
T6
CBB TM
TM-10
Qatar NIA
PS
CBE CSF
CTO-10
SA JS2
JS2-PE
CBN CSF
Part10
BoG CISD
CISD-XIV
BoM CTRM
3.5
IOSCO Cyber Resilience
PROT-5
FFIEC IS
II.C.8
HIPAA Security Rule
§164.310(a)(1), §164.310(a)(2)(iii)
ECB CROE
CROE.2.3.6
EBA ICT Guidelines
3.4.3
SEBI CSCRF
PR.PE
BOT Cyber Resilience
Ch2.8
CMMC 2.0
PE
NERC CIP
CIP-006-6
10 CFR 73.54
RG5.71-B-PE
API 1164
Sec 14
IAEA NSS 17-T
Sec 10
Solvency II
EIOPA-ICT-4.5
Lloyd's Minimum Standards
PHYS.1
HITRUST CSF v11
08.a
ISO 27799
11.1
Basel SCO60
SCO60.62
ISO 17799 (legacy)
9.1.2
COBIT 4.1 (legacy)
DS12.3