PE-08 Access Records
Control: The organization maintains visitor access records to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible) that include: (i) name and organization of the person visiting; (ii) signature of the visitor; (iii) form of identification; (iv) date of access; (v) time of entry and departure; (vi) purpose of visit; and (vii) name and organization of person visited. Designated officials within the organization review the visitor access records [Assignment: organization-defined frequency].
Supplemental Guidance: None.
Control Enhancements:
(1) The organization employs automated mechanisms to facilitate the maintenance and review of access records.
(2) The organization maintains a record of all physical access, both visitor and authorized individuals.
Baseline: LOW: PE-8; MOD: PE-8; HIGH: PE-8 (1) (2)
Family: Physical And Environmental Protection
Class: Operational
ISO 17799 mapping: 9.1.2
COBIT 4.1 mapping: DS12.3
PCI-DSS v2 mapping: 9.4