This objective verifies that your organization actively enforces physical access controls protecting systems that store, process, or transmit Controlled Unclassified Information (CUI). It’s not just about installing the controls—it’s about ensuring they’re consistently used, monitored, and maintained.