CMMC and DFARS
Visitor controls, logging, and evidence aligned with CMMC L2 and DFARS 252.204-7012.
Why visitors matter for CMMC/DFARS
Physical access = possible access to CUI
Visitors with physical access to facilities may have potential access to Controlled Unclassified Information (CUI). CMMC Level 2 and DFARS 252.204-7012 require strong access controls and audit logging for all physical access events, including visitors.
Visitor history required
CMMC and DFARS audits require complete visitor history documentation. Who visited, when, where, and what they accessed must be documented and available for review. Immutable audit logs provide the evidence needed for compliance reviews.
Strong logging required
CMMC L2 requires detailed audit logging (AU.2.042) and log review (AU.2.043). DFARS 252.204-7012 mandates strong access controls and audit trails. Visitor management systems must provide comprehensive logging that meets these requirements.
SecurePoint capabilities
Sanctions + identity checks
Real-time screening across OFAC, BIS, UN, EU, UK lists. Identity verification with optional ID scanning. Comprehensive visitor screening that supports CMMC access control requirements.
Immutable logs
Append-only audit logs that cannot be modified or deleted. Every visitor check-in, screening result, and access decision is recorded with timestamps, actor, and site. Meets CMMC AU.2.042 requirements.
Role-based access
Granular permissions ensure only authorized personnel can view sensitive visitor data and audit logs. Site-scoped access controls for multi-site organizations. Supports CMMC access control (AC) requirements.
Exportable evidence bundles
Pre-configured export templates for CMMC and DFARS audits. Includes visitor history, screening results, access logs, and complete audit trails. CSV and PDF formats with all required documentation.
Alignment with audit expectations
Timestamp accuracy
All audit log entries include precise timestamps with timezone information. Timestamps are generated at the database level to prevent tampering. Meets CMMC AU.2.042 requirements for accurate time stamps.
Long-term retention
Optional 1 year and 7 year retention add-ons available for long-term compliance documentation. Audit logs are archived to cost-effective storage while maintaining accessibility for compliance reviews.
Human-in-the-loop on sensitive actions
All sensitive decisions require human approval. AI assistance is optional and fully logged. Compliance managers make final decisions on visitor access, with complete audit trails showing who decided, what they saw, and when.
Ready to meet CMMC and DFARS requirements?
Start a 7 day free trial or schedule a walkthrough with our team.