Access to specific areas of a site should be restricted to only authorized personnel, through the use of controls such as locked doors, mantraps, and gates requiring an ID badge.

Sections

ID	Name	Description
PR009	Physical Exploration	A subject attempts to defeat physical security controls to gain access to a secured area to conduct an infringement.
PR007	CCTV Enumeration	A subject observes and/or records the locations of CCTV cameras in a target area.
ME013	Media Capture	A subject can capture photos, videos and/or audio with an external device, such as taking photos of a screen, documents, or their surroundings.
PR011	Boot Order Manipulation	A subject accesses BIOS or UEFI to manipulate the boot order of a target computer to boot from an external device in order to access the target computer's file system without needing to interact or authenticate with the Operating System of the target computer.
IF011.002	Intentionally Weakening Physical Security Controls For a Third Party	The subject intentionally weakens or bypasses physical security controls for a third party, such as allowing them to piggyback into a secure area, leaving a door unlocked for them, or providing them with a security pass.
IF002.005	Exfiltration via Physical Documents	A subject tansports physical documents outside of the control of the organization.
ME021.003	Physical Access Credentials	Physical security credentials, such as an ID card or physical keys, that were available to the subject during employment are not revoked and can still be used.