Control 3.10.5
Control and Manage Physical Access Devices
Official Requirement
Control and manage physical access devices.
What This Means in Plain English
Keys, badges, combinations, and other physical access devices must be controlled. You need to track who has each device, change combinations periodically, and collect access devices when people leave or no longer need access.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Badge access system with centralized management and immediate deactivation capability
- Key control system tracking all physical keys with sign-out and sign-in records
- Badge deactivation as part of the employee offboarding checklist
- Quarterly audit of active badge assignments against current employee roster
- ComplianceArmor tracking all physical access devices and assigned holders
Assessment Guidance
Assessors will review the physical access device inventory, verify that devices are collected upon termination, check that combination changes occur regularly, and confirm that quarterly audits of device assignments are performed.
Common Implementation Gaps
- No inventory of physical access devices (keys, badges)
- Badges not collected upon employee termination
- Door combinations never changed
- No audit of active badge assignments
- Duplicate keys or badges not tracked
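One way to run the quarterly audit of active badge assignments against the current employee roster, and to surface several of the gaps listed above, is a reconciliation script like the following. This is an added example, not Petronella's or ComplianceArmor's own code; the CSV column names (`employee_id`, `status`, `badge_id`, `holder_id`, `state`) and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data; column names are assumptions, not a real export format.
ROSTER_CSV = """employee_id,name,status
E100,Ana Ruiz,active
E101,Ben Cole,active
E102,Cy Dunn,terminated
"""
BADGES_CSV = """badge_id,holder_id,state
B1,E100,active
B2,E101,active
B3,E102,active
B4,E101,active
B5,E999,active
B6,E102,deactivated
B7,,active
"""

def audit_badges(roster_csv, badges_csv):
    """Reconcile active badges against the roster; return findings by category."""
    roster = {r["employee_id"].strip(): r["status"].strip().lower()
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {"departed_holder": [], "unknown_holder": [],
                "unassigned": [], "multiple_active": []}
    active_by_holder = defaultdict(list)
    for b in csv.DictReader(io.StringIO(badges_csv)):
        if b["state"].strip().lower() != "active":
            continue  # deactivated badges are out of scope for this check
        badge, holder = b["badge_id"].strip(), b["holder_id"].strip()
        if not holder:
            findings["unassigned"].append(badge)        # active badge, nobody on record
        elif holder not in roster:
            findings["unknown_holder"].append(badge)    # holder missing from roster
        elif roster[holder] != "active":
            findings["departed_holder"].append(badge)   # offboarding missed this badge
        else:
            active_by_holder[holder].append(badge)
    for holder, badges in sorted(active_by_holder.items()):
        if len(badges) > 1:                             # possible untracked duplicate
            findings["multiple_active"].append((holder, badges))
    return findings

if __name__ == "__main__":
    for category, items in audit_badges(ROSTER_CSV, BADGES_CSV).items():
        print(f"{category}: {items}")
```

Keeping each quarter's findings output alongside the remediation record gives assessors evidence that the audit was performed and acted on.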
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | PE-3 |
| PCI DSS | Req 9.3 - Control physical access for onsite personnel |