CMMC v2.0 - Physical Protection

1. PE.L2-3.10.6 Enforce safeguarding measures for CUI at alternate work sites.

1.1. Determine if:

1.2. (a) safeguarding measures for CUI are defined for alternate work sites"

1.3. "Determine if: (b) safeguarding measures for CUI are enforced for alternate work sites"

2. PE.L1-3.10.1 Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

2.1. Determine if:

2.2. (a) authorized individuals allowed physical access are identified"

2.3. (b) physical access to organizational systems is limited to authorized individuals

2.4. (c) physical access to equipment is limited to authorized individuals

2.5. (d) physical access to operating environments is limited to authorized individuals

3. PE.L2-3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems.

3.1. Determine if:

3.2. (a) the physical facility where organizational systems reside is protected"

3.3. (b) the support infrastructure for organizational systems is protected

3.4. (c) the physical facility where organizational systems reside is monitored

3.5. (d) the support infrastructure for organizational systems is monitored

4. PE.L1-3.10.3 Escort visitors and monitor visitor activity.

4.1. "Determine if:

4.2. (a) visitors are escorted"

4.3. (b) visitor activity is monitored"

5. PE.L1-3.10.4 Maintain audit logs of physical access.

5.1. "Determine if:

5.2. (a) audit logs of physical access are maintained"

6. PE.L1-3.10.5 Control and manage physical access devices.

6.1. "Determine if:

6.2. (a) physical access devices are identified"

6.3. (b) physical access devices are controlled"

6.4. (c) physical access devices are managed"