PR.AA-06
Physical access to assets is managed, monitored, and enforced commensurate with risk
Implementation examples
- Ex1: Use security guards, security cameras, locked entrances, alarm systems, and other physical controls to monitor facilities and restrict access
- Ex2: Employ additional physical security controls for areas that contain high-risk assets
- Ex3: Escort guests, vendors, and other third parties within areas that contain business-critical assets
Mapped NIST 800-53 r5 controls (9)
All informative references (57)
- CCMv4.0: DCS-03
- CCMv4.0: DCS-07
- CCMv4.0: DCS-09
- CCMv4.0: DCS-10
- CCMv4.0: DCS-12
- CCMv4.0: DCS-14
- CCMv4.0: HRS-04
- CCMv4.0: LOG-12
- CCMv4.0: UEM-05
- CCMv4.0: UEM-06
- CCMv4.0: UEM-14
- CRI Profile v2.0: PR.AA-06
- CRI Profile v2.0: PR.AA-06.01
- CRI Profile v2.0: PR.AA-06.02
- CSF v1.1: PR.AC-2
- CSF v1.1: PR.PT-4
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 7.1
- ISO/IEC 27001:2022: Annex A Controls: 7.2
- ISO/IEC 27001:2022: Annex A Controls: 7.3
- ISO/IEC 27001:2022: Annex A Controls: 7.4
- ISO/IEC 27001:2022: Annex A Controls: 7.12
- NICE Framework: DD-WRL-001
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-013
- NICE Framework: OG-WRL-014
- PCI DSS: 9.3.1.1
- PCI DSS: 9.2.4
- PCI DSS: 9.2.3
- PCI DSS: 9.5.1.2
- SCF: PES-01
- SCF: PES-02
- SCF: PES-02.1
- SCF: PES-03
- SP 800-171 Rev 3: 03.10.01
- SP 800-171 Rev 3: 03.10.02
- SP 800-171 Rev 3: 03.10.07
- SP 800-171 Rev 3: 03.10.08
- SP 800-53 Rev 5.1.1: PE-02
- SP 800-53 Rev 5.1.1: PE-03
- SP 800-53 Rev 5.1.1: PE-04
- SP 800-53 Rev 5.1.1: PE-05
- SP 800-53 Rev 5.1.1: PE-06
- SP 800-53 Rev 5.1.1: PE-08
- SP 800-53 Rev 5.1.1: PE-18
- SP 800-53 Rev 5.1.1: PE-19
- SP 800-53 Rev 5.1.1: PE-20
- SP 800-53 Rev 5.2.0: PE-02
- SP 800-53 Rev 5.2.0: PE-03
- SP 800-53 Rev 5.2.0: PE-04
- SP 800-53 Rev 5.2.0: PE-05
- SP 800-53 Rev 5.2.0: PE-06
- SP 800-53 Rev 5.2.0: PE-08
- SP 800-53 Rev 5.2.0: PE-18
- SP 800-53 Rev 5.2.0: PE-19
- SP 800-53 Rev 5.2.0: PE-20
- SSDF: PO.5.2
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms.