About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
PE-8 - Visitor Access Records
Control requirements
PE-8 (a)
Maintain visitor access records to the facility where the system resides for [IBM Assignment: for a minimum of one (1) year].
PE-8 (b)
Review visitor access records [IBM Assignment: at least monthly].
PE-8 (c)
Report anomalies in visitor access records to [Assignment: organization-defined personnel].
NIST supplemental guidance
Visitor access records include the names and organizations of individuals visiting, visitor signatures, forms of identification, dates of access, entry and departure times, purpose of visits, and the names and organizations of individuals visited. Access record reviews determine if access authorizations are current and are still required to support organizational mission and business functions. Access records are not required for publicly accessible areas.