PE.L2-3.10.3 — Escort visitors and monitor visitor activity.

What this control requires

Escort visitors and monitor visitor activity.

Source: CMMC L2 v2.13 PE.L2-3.10.3 / NIST SP 800-171 R2 3.10.3 (official control text).

Why this matters

Physical access by unauthorized visitors poses insider threat risks including theft of sensitive data, installation of malicious hardware, shoulder-surfing credentials, and unauthorized photography of CUI or controlled systems. Escorted supervision ensures visitors cannot access restricted areas, tamper with equipment, or observe sensitive information without oversight. This control protects against social engineering attacks where malicious actors pose as vendors, delivery personnel, or guests to gain physical proximity to systems processing federal contract information. Monitoring visitor activity creates accountability and provides forensic records if a security incident occurs during or after a visit.

What evidence assessors expect

Assessors typically look for: PDF, photo, training certificate. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls