PE-3(2)

Requirement

Perform security checks [Assignment: organization-defined frequency] at the physical perimeter of the facility or system for exfiltration of information or removal of system components.

Discussion

Organizations determine the extent, frequency, and/or randomness of security checks to adequately mitigate risk associated with exfiltration.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Physical and environmental protection policy; procedures addressing physical access control; physical access control logs or records; records of security checks; security audit reports; security inspection reports; facility layout documentation; system entry and exit points; system security plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with physical access control responsibilities; organizational personnel with information security responsibilities].

Test

[SELECT FROM: Organizational processes for physical access control to the facility and/or system; mechanisms supporting and/or implementing physical access control for the facility or system; mechanisms supporting and/or implementing security checks for the unauthorized exfiltration of information].

ID	Assessment Objectives
PE-03(02)	security checks are performed <PE-03(02)_ODP frequency> at the physical perimeter of the facility or system for exfiltration of information or removal of system components.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!