PE.2.135

Control Acronym

PE

Family

Physical Protection

CMMC Level

2

800-171 Control #

3.10.2

CMMC Description

Protect and monitor the physical facility and support infrastructure for organizational systems.

CMMC Clarification

Make sure that the infrastructure inside of your facility, such as power and network cables, is protected so that visitors and employees cannot access it. The protection also has to be monitored. This can be done with security guards, video cameras, sensors and alarms. Example You are responsible for protecting your organization’s IT facilities. You install video monitoring at each entrance and exit. You also make sure there are secure locks on all entrances and exits to the facilities.

800-171 Description

Protect and monitor the physical facility and support infrastructure for organizational systems.

800-171 Discussion

Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors.

Other Source Discussion

N/A

CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 PE-6

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.10.2

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.AC-2

CERT RMM Reference

CERT RMM v1.2 KIM:SG4.SP2

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Assessment Sub-Criteria 1

PE.2.135.[a] the physical facility where organizational systems reside is protected;

Assessment Sub-Criteria 2

PE.2.135.[b] the support infrastructure for organizational systems is protected;

Assessment Sub-Criteria 3

PE.2.135.[c] the physical facility where organizational systems reside is monitored; and

Assessment Sub-Criteria 4

PE.2.135.[d] the support infrastructure for organizational systems is monitored.

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15