PE-07 Visitor Control

Control: The organization controls physical access to the information system by authenticating visitors before authorizing access to the facility where the information system resides other than areas designated as publicly accessible.

Supplemental Guidance: Government contractors and others with permanent authorization credentials are not considered visitors. Personal Identity Verification (PIV) credentials for federal employees and contractors conform to FIPS 201, and the issuing organizations for the PIV credentials are accredited in accordance with the provisions of NIST Special Publication 800-79.

Control Enhancements: (1) The organization escorts visitors and monitors visitor activity, when required.

Baseline: LOW PE-7 MOD PE-7 (1) HIGH PE-7 (1)

Family: Physical And Environmental Protection

Class: Operational

ISO 17799 mapping: 9.1.2

COBIT 4.1 mapping: DS12.3

PCI-DSS v2 mapping: 9.2, 9.3.x