Does your organization regularly review and monitor physical access records to track visitor and personnel entry to facilities?
Explanation
Regular review of physical access records helps identify unauthorized access attempts, verify compliance with access policies, and maintain an audit trail of who entered facilities and when. This includes monitoring visitor logs, employee badge access data, and any other physical entry records to detect anomalies or security incidents.
Evidence could include screenshots of access log review procedures, redacted samples of reviewed access logs with annotations showing follow-up actions, or documentation of a periodic access review process with timestamps and reviewer signatures.
Implementation Example
Review and monitor physical access records (e.g., from visitor registration, sign-in sheets)
ID: DE.CM-02.277
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- The physical environment is monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?

