PE.L2-3.10.4 — Maintain audit logs of physical access.
What this control requires
Maintain audit logs of physical access.
Source: CMMC L2 v2.13 PE.L2-3.10.4 / NIST SP 800-171 R2 3.10.4 (official control text).
Why this matters
Physical access logs create an auditable trail of who entered controlled areas and when, enabling organizations to investigate security incidents, detect unauthorized access patterns, and demonstrate accountability. Without timestamped entry records, it becomes impossible to determine whether intruders accessed facilities containing CUI systems, or whether insiders accessed restricted areas outside authorized hours. These logs support both real-time alerting for suspicious patterns and forensic analysis after breaches. They prove that physical security controls are not just installed but actively monitored and enforced over time.
What evidence assessors expect
Assessors typically look for: CSV export, screenshot, photo, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on PE.L2-3.10.4.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →