PE.L2-3.10.2 — Protect and monitor the physical facility and support infrastructure for organizational systems.

What this control requires

Protect and monitor the physical facility and support infrastructure for organizational systems.

Source: CMMC L2 v2.13 PE.L2-3.10.2 / NIST SP 800-171 R2 3.10.2 (official control text).

Why this matters

Physical facilities and infrastructure are the foundation upon which all digital security rests. Unmonitored server rooms, unlocked telecom closets, or exposed cabling create paths for adversaries to bypass network defenses entirely—inserting packet sniffers, tampering with routers, or physically accessing servers. This control addresses insider threats, tailgating attackers, and supply chain compromises where adversaries enter under cover of maintenance or delivery. Continuous monitoring deters unauthorized entry, provides forensic evidence when incidents occur, and ensures environmental hazards (flooding, fire, HVAC failure) are detected before equipment damage cascades into data loss or availability failures.

What evidence assessors expect

Assessors typically look for: photo, screenshot, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls