Basic Security Requirements:

10.1 Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

10.2 Protect and monitor the physical facility and support infrastructure for those information systems.

Derived Security Requirements:

10.3 Escort visitors and monitor visitor activity.

10.4 Maintain audit logs of physical access.

10.5 Control and manage physical access devices.

10.6 Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites).