Description
The organization maintains visitor access records to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible) that includes: (i) name and organization of the person visiting; (ii) signature of the visitor; (iii) form of identification; (iv) date of access; (v) time of entry and departure; (vi) purpose of visit; and (vii) name and organization of person visited. Designated officials within the organization review the visitor access records [Assignment: organization-defined frequency].\n
Supplemental Guidance
None.\n
Changes from Rev 4
Requires the reporting of anomalies in visitor access records to specified personnel Discussion amplifies the benefit of reviewing access records
Enhancements
\n
Compliance Mappings
ISO 27002:2022
7.2
NIST CSF 2.0
DE.CM-02
SOC 2 TSC
CC6.4-POF4
ISO 17799 (legacy)
9.1.2
COBIT 4.1 (legacy)
DS12.3