3.10.3 — Escort Every Visitor

The One-Liner

An unescorted visitor near CUI is an uncontrolled person near sensitive information.

What It Says

Escort visitors and monitor visitor activity.

What It Actually Means

Every visitor — including well-known vendors, friends, and family — is signed in, given a distinguishable visitor badge, and escorted by an authorized employee at all times when in areas where CUI is handled or stored. Escort means continuous accompaniment, not ‘check in periodically.’ Monitor means observe their activities. Visitor logs record: name, purpose, escort, arrival/departure times.

---

Pass or Fail

Your assessor needs a “yes” to every row:

#	Question	What “yes” looks like
1	Are visitors escorted?	Escort policy enforced; visitor log with escort name
2	Is visitor activity monitored?	Escorts accompany visitors continuously; CCTV supplements

---

What to Have Ready on Assessment Day

Documents they’ll review: Physical and environmental protection policy; visitor escort procedures; visitor sign-in logs; visitor badge inventory; system security plan

People they’ll talk to: Personnel with physical access responsibilities; information security personnel

Live demos they’ll ask for: “Show me your visitor sign-in process.” “Where are visitor badges? Are they visually distinct?” “Walk me through what happens when a visitor arrives.” “Show me a recent visitor log.”

---

The Assessor’s Playbook

These are the actual questions. Have answers ready.

• “Show me your visitor sign-in process.”
• “Are visitors distinguishable from employees? How?”
• “Show me a recent visitor log entry.”
• “What happens if the escort needs to step away?”

Real-World Example

A defense contractor requires all visitors to sign in at reception, present ID, receive a red ‘VISITOR’ badge, and be assigned an escort. The escort accompanies the visitor at all times in the building. If the escort must leave, the visitor returns to reception. Visitor logs include: name, company, purpose, escort name, arrival and departure times. CCTV in hallways supplements escort monitoring. The assessor reviews the visitor log, confirms badges are visually distinct, and asks a staff member about the escort procedure.

---

Where Companies Trip Up

Unescorted visitors. Left alone ‘just for a minute.’ If the escort leaves, the visitor leaves the area.

No sign-in log. Visitors enter without being recorded. Maintain a visitor log at reception.

No visitor badges. Visitors indistinguishable from employees. Use clearly distinct visitor badges.

---

How to Talk About This

To a CEO or Board

Every visitor signs in, wears a distinctive badge, and is escorted at all times. No exceptions — even for people we know well.

To an Engineering Team

Visitor sign-in at reception. Red VISITOR badge. Escort assigned and continuous. Visitor log: name, company, purpose, escort, times. CCTV supplements. Escort leaves → visitor returns to reception.

---

Connected Requirements

Requirement	Why it matters here
3.10.1 — Lock the Doors	Visitors need escort because areas are access-controlled
3.10.4 — Log Physical Access	Visitor logs are part of physical access audit trail
3.7.6 — Escort Uncleared Techs	Maintenance personnel escort procedures

---

Implementation

🔒

Step-by-step guides for Microsoft 365, AWS, Azure, and GCP are available to Ancitus clients.

Start a conversation →

---

CMMC Practice ID: PE.L2-3.10.3 | SPRS Weight: 1 point | POA&M Eligible: Yes