PE.L1-3.10.3 — Escort visitors and monitor visitor activity.

What this control requires

Escort visitors and monitor visitor activity.

Source: CMMC L1 v2.13 PE.L1-3.10.3 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.10.3 (official control text).

Why this matters

Unescorted visitors pose an insider threat risk — they may intentionally or accidentally access sensitive systems, view confidential information, or introduce malicious devices. This control requires organizations to maintain continuous supervision of anyone who lacks permanent physical access authorization, from delivery personnel to contractors to prospective clients. Even trusted partners should not roam facilities unsupervised. By maintaining line-of-sight oversight and logging visitor movements, the organization prevents unauthorized access to CUI workstations, server rooms, and storage areas while creating an audit trail for security investigations.

What evidence assessors expect

Assessors typically look for: PDF, photo, CSV export, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls