Requirement 9.3.2

Given a physical token (for example, a badge or access device) that expires and that identifies the visitors as non-employee