03.10.05 —
What this control requires
Source: NIST SP 800-171 R3 §03.10.05 (official control text).
Why this matters
Physical access controls prevent unauthorized individuals from entering facilities where CUI is processed, stored, or transmitted. This control requires documented procedures for escorting visitors and monitoring their activities while inside controlled areas. Without escort protocols, visitors could access sensitive systems, view confidential information on screens or whiteboards, connect unauthorized devices to networks, or physically remove media containing CUI. Effective visitor management creates accountability, deters malicious actors, and ensures that every non-employee's presence is supervised and logged from entry to exit.
What evidence assessors expect
Assessors typically look for: PDF, photo, training certificate. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.10.05.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →