During a CMMC Assessment, the assessor is determining if the Escort Visitors practice is MET. Personnel with which of the following responsibilities would be MOST appropriate to interview?
The Escort Visitors practice falls under Physical and Environmental Protection (PE.L2-3.10.3), which requires organizations to escort visitors and monitor visitor activity. To validate this, the assessor should interview personnel responsible for physical access control (security guards, facility access managers) and information security (to confirm integration with CUI protection requirements).
Exact Extracts:
PE.L2-3.10.3: “Escort visitors and monitor visitor activity.”
Assessment Guide: “Interview personnel responsible for physical access control and security monitoring to confirm escort and visitor activity tracking.”
Assessment Objectives: Require evidence of visitor escorts, visitor logs, and monitoring practices.
Why the other options are not correct:
A (Repair/maintenance): Not responsible for escort procedures.
B (Local access control only): Missing the information security link, which ensures visitors cannot access CUI assets.
D (IT management): IT is not responsible for escorting visitors in physical spaces.
[References:, CMMC Assessment Guide – Level 2, Version 2.13: PE.L2-3.10.3 (pp. 154–156)., NIST SP 800-171A: Assessment procedures for visitor escort and monitoring., , , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit