3.10.2 — Protect and monitor the facility | NIST 800-171 Control

You protect and monitor the physical facility and its support infrastructure.

What it actually means

Beyond limiting access, protect and monitor the facility itself — and the support infrastructure (power, wiring closets) that systems depend on. Monitoring can be as simple as cameras/alarms plus a log of physical access.

Pass or fail — an assessor needs a "yes" to each

The facility and support infrastructure are protected.
Physical access/activity is monitored (cameras/alarms/logs).
Support infrastructure (power, comms closets) is secured.

What to have ready

Facility security measures
Monitoring (camera/alarm) + physical access logs
Protection of wiring/utility areas

Where teams trip up

No monitoring of physical access
Unsecured comms/utility closets
Cameras that aren't actually recording/retained

See where this control puts your score

Run all 110 requirements free in about 10 minutes.

Calculate your SPRS score →

Connected requirements

3.10.1 — Limit physical access 3.10.4 — Log physical access

← Back to the Control Library