This control requires organizations to track and log all physical access to areas where Controlled Unclassified Information (CUI) is stored, processed, or transmitted. These logs must be maintained and reviewable for audit and security purposes.
Read the full blog breakdown of 3.10.4