Back to Control Explorer



Control Acronym



Physical Protection

CMMC Level


800-171 Control #


CMMC Description

Escort visitors and monitor visitor activity.

CMMC Clarification

Do not allow visitors, even those people you know well, to walk around your facility without an escort. Make sure that all non-employees wear special visitor badges and/or are escorted by an employee at all times while on your property. Example Coming back from a meeting, you see the friend of a coworker walking down the hallway near your office. You know this person well and trust them, but are not sure why they are in the building. You stop to talk, and the person explains that they are supposed to meet the coworker for lunch, but cannot remember where the lunchroom is. You offer to walk the person back to the reception area to get a visitor badge and wait until someone can escort them to the lunch room. You report this incident, and the company decides to install a badge reader at the main door so visitors cannot enter without an escort.

800-171 Description

Escort visitors and monitor visitor activity.

800-171 Discussion

Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monitor visitor activity.

Other Source Discussion


CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 PE-3

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.10.3

Applicable FAR Clause

FAR Clause 52.204-21 Partial b.1.ix

NIST CSF Control Reference

CERT RMM Reference


Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

PE.1.132.[a] visitors are escorted; and

Assessment Sub-Criteria 2

PE.1.132.[b] visitor activity is monitored.

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15