NIST 800-171 has 6 controls related to physical security. While actually one of the easier areas for most companies to implement, it is still likely to require additional effort.

Security Requirement Family 10: Physical Protection

1. Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

2. Protect and monitor the physical facility and support infrastructure for those information systems.

3. Escort visitors and monitor visitor activity.

4. Maintain audit logs of physical access.

5. Control and manage physical access devices.

6. Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites).