The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The tenth of the 14 Families of Requirements for NIST 800-171 compliance is physical protection.
What is Physical Protection in Terms of NIST 800-171?
The Physical Protection family of requirements addresses security of the physical facility and access to IT environments, as well as requirements surrounding site visitors and the security of off-site worksites. Physical access is limited to authorized users; visitors must be escorted and physical access logs maintained. Physical access devices and alternate work sites must be secured. A physical security plan and a business continuity plan outlining the use of alternate work sites are required. Physical security consists of 2 Basic Security requirements and 4 Derived Security requirements.
Basic Security Requirements
- 3.10.1 Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.
- 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems.
Derived Security Requirements
- 3.10.3 Escort visitors and monitor visitor activity
- 3.10.4 Maintain audit logs of physical access.
- 3.10.5 Control and manage physical access devices.
- 3.10.6 Enforce safeguarding measures for CUI at alternate work sites.
For information on enterprise and user security when teleworking check out SP 800-46 and SP 800-114. To learn more about NIST SP 800-171 Compliance please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide:SP 800-171A, Assessing Security Requirements for CUI | CSRC.
How NeQter Labs Can Help
NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs. Contact us here.
