>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PE-8(1)Visitor Access Records | Automated Records Maintenance and Review

IL4 High
IL5
IL6

>Control Description

Maintain and review visitor access records using organization-defined automated mechanisms.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Visitor access records may be stored and maintained in a database management system that is accessible by organizational personnel. Automated access to such records facilitates record reviews on a regular basis to determine if access authorizations are current and still required to support organizational mission and business functions.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the implementation of automated records maintenance and review for the organization's facilities?
  • Who is responsible for overseeing and maintaining automated records maintenance and review controls?
  • How frequently are automated records maintenance and review controls reviewed and updated?
  • What process exists for granting exceptions to automated records maintenance and review requirements?
  • How does the organization ensure accountability for automated records maintenance and review across all facility locations?

Technical Implementation:

  • What technologies or systems technically implement automated records maintenance and review?
  • How are these systems configured to meet the control requirements?
  • What monitoring or alerting capabilities exist for automated records maintenance and review?
  • How do automated records maintenance and review systems integrate with other physical security infrastructure?
  • What redundancy or backup mechanisms support automated records maintenance and review?

Evidence & Documentation:

  • Provide documented policies and procedures for automated records maintenance and review.
  • Provide evidence of automated records maintenance and review implementation and configuration.
  • Provide logs, records, or reports demonstrating automated records maintenance and review activities over the past 90 days.
  • Provide testing, maintenance, or inspection records for automated records maintenance and review from the past year.
  • Provide evidence of automated records maintenance and review reviews, audits, or assessments.

Ask AI

Configure your API key to use AI features.