Security Requirements for 03.10.01 Physical Access Authorizations

A facility can include one or more physical locations containing systems or system components that process, store, or transmit CUI. Physical access authorizations apply to employees and visitors. Individuals with permanent physical access authorization credentials are not considered visitors. Authorization credentials include identification badges, identification cards, and smart cards. Organizations determine the strength of the authorization credentials consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines. Physical access authorizations may not be necessary to access certain areas within facilities that are designated as publicly accessible.

View CPRT 03.10.01

  1. 03.10.01.a

    Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides.

  1. 03.10.01.b

    Issue authorization credentials for facility access.

  1. 03.10.01.c

    Review the facility access list [Assignment: organization-defined frequency].

  1. 03.10.01.d

    Remove individuals from the facility access list when access is no longer required.