Back to Control Explorer



Control Acronym



Physical Protection

CMMC Level


800-171 Control #


CMMC Description

Control and manage physical access devices.

CMMC Clarification

Controlling physical access devices like locks, badging, key cards, etc. is just as important as monitoring and limiting who is able to physically access certain equipment. Locks, badges, and key cards are only strong protection if you know who has them and what access they allow. Example A team member retired last week and forgot to turn in company items, including an identification badge and office keys. The project requires special equipment that should be used only by project team members. Before you begin looking for a replacement employee, you make sure to change the locks on the doors to the project area. You also disable the retired team member’s badge.

800-171 Description

Control and manage physical access devices.

800-171 Discussion

Physical access devices include keys, locks, combinations, and card readers.

Other Source Discussion


CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 PE-3

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.10.5

Applicable FAR Clause

FAR Clause 52.204-21 Partial b.1.ix

NIST CSF Control Reference

CERT RMM Reference


Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

PE.1.134.[a] physical access devices are identified;

Assessment Sub-Criteria 2

PE.1.134.[b] physical access devices are controlled; and

Assessment Sub-Criteria 3

PE.1.134.[c] physical access devices are managed.

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15