03.10.02 — (a) Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. (b) Review physical access logs {{ insert: param, A.03.10.02.ODP.01 }} and upon occurrence of {{ insert: param, A.03.10.02.ODP.02 }}.

What this control requires

(a) Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. (b) Review physical access logs {{ insert: param, A.03.10.02.ODP.01 }} and upon occurrence of {{ insert: param, A.03.10.02.ODP.02 }}.

Source: NIST SP 800-171 R3 §03.10.02 (official control text).

Why this matters

Physical access monitoring detects unauthorized entry, tailgating, after-hours intrusions, and anomalous movement near systems processing CUI. Without continuous surveillance and regular log reviews, attackers can physically tamper with hardware, install malicious devices, steal media, or access systems directly—bypassing network defenses entirely. This control creates a deterrent effect, provides forensic evidence after incidents, and enables rapid response to security violations before data exfiltration or sabotage occurs. Organizations must combine real-time detection capabilities with routine analysis to catch both obvious breaches and subtle patterns indicating reconnaissance or insider threats.

What evidence assessors expect

Assessors typically look for: screenshot, photo, PDF, configuration export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls