CMMC Level 2
Control 3.10.2
Protect and Monitor Physical Facility
CMMC-RP Certified Team
24+ Years Experience
CMMC-AB RPO #1449
Official Requirement
Protect and monitor the physical facility and support infrastructure for those information systems.
What This Means in Plain English
The building and infrastructure supporting your IT systems (power, cooling, network wiring) must be physically secured and monitored. This includes environmental controls to protect against fire, water, and other threats.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- 24/7 security camera surveillance on all building entrances and IT areas
- Environmental monitoring (temperature, humidity, water detection) in server rooms
- UPS and generator backup protecting against power disruptions
- Fire suppression systems (clean agent) in server rooms
- Physical security alarm system with 24/7 monitoring service
Assessment Guidance
Assessors will verify security camera coverage and retention, check environmental monitoring systems, review power backup capabilities, confirm fire suppression systems are present and tested, and check that physical security alarms are monitored.
Common Implementation Gaps
- No security cameras at facility entrances or IT areas
- No environmental monitoring in server rooms
- No UPS or generator backup
- Fire suppression not appropriate for IT equipment (water-based in server room)
- Security alarm system not monitored 24/7
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | PE-2, PE-3, PE-6(1) |
| HIPAA | 164.310(a)(2)(ii) - Facility Security Plan |
| PCI DSS | Req 9.1 - Use appropriate facility entry controls |
Need Help Implementing 3.10.2?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment Calculate your SPRS score