home || catalog: SP800-53rev3 / class: Operational / family: (PE) Physical and Environmental Protection ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE

PE-01
PE-02 *
PE-03
PE-04
PE-05
PE-06
PE-07
PE-08
PE-09
PE-10
PE-11
PE-12
PE-13
PE-14
PE-15
PE-16
PE-17
PE-18
PE-19
PE-20

PL
PM
PS
RA
SA
SC
SI
MMMMM

  PE-02: Physical Access Authorizations  

base control objective:
The organization:
a. Develops and keeps current a list of personnel with authorized access to the facility where the information system resides (except for those areas within the facility officially designated as publicly accessible);
b. Issues authorization credentials;
c. Reviews and approves the access list and authorization credentials [Assignment: organization-defined frequency], removing from the access list, personnel no longer requiring access.

supplemental objective information:
Authorization credentials include, for example, badges, identification cards, and smart cards.

enhancements to the base objective:

(1) The organization authorizes physical access to the facility where the information system resides based on position or role.

(2) The organization requires two forms of identification to gain access to the facility where the information system resides.
Enhancement Supplemental Guidance: Examples of forms of identification are identification badge, key card, cipher PIN, and biometrics.

(3) The organization restricts physical access to facilities containing information systems that process classified, national security information to authorized personnel with appropriate clearances and access authorizations.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PE-03   Physical Access Control
PE-04   Access Control for Transmission Medium

documents referenced in SP800-53rev3 for PE-02:

None.

Document Date Status Title

Search SP800-53rev3 catalog: