← Back to catalog
PE-6

Monitoring Physical Access

Physical and Environmental Protection (PE)
Baselines
Low · IncludedModerate · IncludedHigh · Included
Description

Monitor physical access to the facility where the system resides to detect and respond to physical security incidents; Review physical access logs [assignment] and upon occurrence of [assignment] ; and Coordinate results of reviews and investigations with the organizational incident response capability.

Discussion

Physical access monitoring includes publicly accessible areas within organizational facilities. Examples of physical access monitoring include the employment of guards, video surveillance equipment (i.e., cameras), and sensor devices. Reviewing physical access logs can help identify suspicious activity, anomalous events, or potential threats. The reviews can be supported by audit logging controls, such as [AU-2](#au-2) , if the access logs are part of an automated system. Organizational incident response capabilities include investigations of physical security incidents and responses to the incidents. Incidents include security violations or suspicious physical access activities. Suspicious physical access activities include accesses outside of normal work hours, repeated accesses to areas not normally accessed, accesses for unusual lengths of time, and out-of-sequence accesses.

Implementation guidance

No content available.

CSF 2.0 crosswalk
DE.CM-02The physical environment is monitored to find potentially adverse eventsDetect
PR.AA-06Physical access to assets is managed, monitored, and enforced commensurate with riskProtect