WithPCI.com

9.3.1.1 Physical access to sensitive areas within the CDE for personnel is controlled as follows:

Defined Approach Requirements (original requirement text from PCI DSS v4.0.1)

  • Access is authorized and based on individual job function.
  • Access is revoked immediately upon termination.
  • All physical access mechanisms, such as keys, access cards, etc., are returned or disabled upon termination.

Customized Approach Objective

Sensitive areas cannot be accessed by unauthorized personnel.

Defined Approach Testing Procedures

9.3.1.1.a Observe personnel in sensitive areas within the CDE, interview responsible personnel, and examine physical access control lists to verify that:

  • Access to the sensitive area is authorized.
  • Access is required for the individual's job function.

9.3.1.1.b Observe processes and interview personnel to verify that access of all personnel is revoked immediately upon termination.

9.3.1.1.c For terminated personnel, examine physical access control lists and interview responsible personnel to verify that all physical access mechanisms (such as keys, access cards, etc.) were returned or disabled.
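Testing procedures 9.3.1.1.b and 9.3.1.1.c boil down to a reconciliation: take the HR list of terminated personnel, take the badge system's access list, and check that every credential held by a terminated person was disabled on or before the termination date. The script below is an added example of that check, not code from the page or from any badge or HR vendor. The two CSV extracts, the column names (employee_id, termination_date, credential_id, disabled_at, sensitive_area) and the assumption that an empty disabled_at means the credential is still live are all constructed for illustration; a real HRIS or access control system will export different fields.

```python
"""Reconcile an HR terminations export against a badge-system access list.

Added example for PCI DSS 9.3.1.1.b/c: flag physical access credentials
(badges, keys logged in the access system) that were still active after the
holder's termination date, and measure the revocation lag in days.
Column names and sample data are constructed, not taken from a real system.
"""
import csv
import io
from datetime import date, datetime
from typing import Dict, List

# Constructed HR extract: one row per terminated employee.
HR_TERMINATIONS_CSV = """\
employee_id,name,termination_date
E1001,Ana Ortiz,2024-03-01
E1002,Ben Park,2024-03-04
E1003,Chloe Ng,2024-03-05
"""

# Constructed badge-system extract. disabled_at is empty while a credential is
# still active; sensitive_area is the CDE zone the credential opens.
BADGE_ACCESS_CSV = """\
credential_id,employee_id,sensitive_area,disabled_at
B-7001,E1001,data-center-a,2024-03-01T17:05:00
B-7002,E1002,data-center-a,2024-03-11T09:00:00
B-7003,E1003,data-center-a,
B-7004,E1004,data-center-a,
"""


def parse_hr(csv_text: str) -> Dict[str, date]:
    """Map employee_id -> termination date."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["employee_id"]: date.fromisoformat(r["termination_date"]) for r in rows}


def parse_badges(csv_text: str) -> List[dict]:
    """Parse the badge export, turning a blank disabled_at into None (still active)."""
    out = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        disabled = r["disabled_at"].strip()
        out.append({
            "credential_id": r["credential_id"],
            "employee_id": r["employee_id"],
            "sensitive_area": r["sensitive_area"],
            "disabled_at": datetime.fromisoformat(disabled) if disabled else None,
        })
    return out


def find_revocation_gaps(hr_csv: str, badge_csv: str, as_of: str,
                         max_lag_days: int = 0) -> List[dict]:
    """Return one finding per credential of a terminated person that is still
    active as of `as_of` (ISO date) or was disabled more than max_lag_days after
    the termination date.

    max_lag_days=0 reflects the requirement's "immediately": disabling the
    credential on the termination date passes, anything later is a finding.
    Credentials whose holder is not in the HR extract are out of scope here.
    """
    as_of_date = date.fromisoformat(as_of)
    terminations = parse_hr(hr_csv)
    findings = []
    for cred in parse_badges(badge_csv):
        term = terminations.get(cred["employee_id"])
        if term is None:
            continue  # holder not terminated (or not in this extract)
        if cred["disabled_at"] is None:
            lag = (as_of_date - term).days
            status = "STILL_ACTIVE"
        else:
            lag = (cred["disabled_at"].date() - term).days
            status = "DISABLED_LATE" if lag > max_lag_days else "OK"
        if status != "OK":
            findings.append({
                "credential_id": cred["credential_id"],
                "employee_id": cred["employee_id"],
                "sensitive_area": cred["sensitive_area"],
                "status": status,
                "days_after_termination": lag,
            })
    return findings


if __name__ == "__main__":
    for finding in find_revocation_gaps(HR_TERMINATIONS_CSV, BADGE_ACCESS_CSV,
                                        as_of="2024-03-15"):
        print(finding)
```

Run against the constructed data, the script flags B-7002 (disabled seven days after termination) and B-7003 (still active ten days after termination); B-7001 passes because it was disabled on the termination date, and B-7004 is skipped because its holder is not on the terminations list. Keeping the output of a run like this, dated, is the kind of evidence an assessor asks for under 9.3.1.1.c.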

Purpose

Controlling physical access to sensitive areas helps ensure that only authorized personnel with a legitimate business need are granted access.

Good Practice

Where possible, organizations should have policies and procedures to ensure that, before personnel leave the organization, all physical access mechanisms are returned, or are disabled as soon as possible upon their departure. This ensures personnel cannot gain physical access to sensitive areas once their employment has ended.

purpose

Ensure that only personnel whose job function requires it can enter sensitive areas within the CDE, and that their physical access ends when their employment does.

compliance strategies

  • Authorize sensitive-area access per individual, tied to a documented job function, and review the access list periodically
  • Include the return or disablement of badges, keys and other physical credentials in the offboarding checklist, triggered on the termination date

typical policies

  • Physical Access Authorization and Revocation Procedures
  • Personnel Offboarding Checklist

common pitfalls

  • Access granted by department or seniority rather than by individual job function
  • Revocation delayed until the next scheduled access review instead of happening on termination
  • Badges disabled but physical keys never collected

type

Process Control

difficulty

Low

key risks

  • Terminated or reassigned personnel retaining physical access to sensitive areas in the CDE

recommendations

  • Feed termination events from the HR system into the badge access system so that revocation is automatic rather than a manual step
  • Reconcile the badge-system access list against HR terminations on a regular basis and retain the results as evidence for 9.3.1.1.c

Eligible SAQ

  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
