PE.L1-3.10.5 — Control and manage physical access devices.
What this control requires
Control and manage physical access devices.
Source: CMMC L1 v2.13 PE.L1-3.10.5 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.10.5 (official control text).
Why this matters
Physical access devices — keys, locks, key cards, biometric readers, and gate controllers — are the primary mechanism preventing unauthorized individuals from entering facilities where CUI is processed or stored. Without systematic control over who holds keys, which card readers are active, or when lock combinations were last changed, an organization cannot demonstrate that physical security boundaries are actually enforced. This control mitigates the risk of unauthorized physical access by former employees, visitors who overstay authorization, or stolen credentials enabling facility breach.
What evidence assessors expect
Assessors typically look for: CSV export, photo, screenshot, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on PE.L1-3.10.5.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →