Requirement text: PE.2.135: Protect and monitor the physical facility and support infrastructure for
organizational systems.
DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Monitoring of physical access includes publicly accessible areas within organizational
facilities. This can be accomplished, for example, by the employment of guards; the use of
sensor devices; or the use of video surveillance equipment such as cameras. Examples of
support infrastructure include system distribution, transmission, and power lines. Security
controls applied to the support infrastructure prevent accidental damage, disruption, and
physical tampering. Such controls may also be necessary to prevent eavesdropping or
modification of unencrypted transmissions. Physical access controls to support
infrastructure include locked wiring closets; disconnected or locked spare jacks; protection
of cabling by conduit or cable trays; and wiretapping sensors.
CMMC CLARIFICATION
Make sure that the infrastructure inside of your facility, such as power and network cables,
is protected so that visitors and employees cannot access it. The protection also has to be
monitored. This can be done with security guards, video cameras, sensors and alarms.
Example
You are responsible for protecting your organization’s IT facilities. You install video
monitoring at each entrance and exit. You also make sure there are secure locks on all
entrances and exits to the facilities.
References
• NIST SP 800-171 Rev 1 3.10.2
• NIST CSF v1.1 PR.AC-2
• CERT RMM v1.2 KIM:SG4.SP2
• NIST SP 800-53 Rev 4 PE-6