Joint task force transformation initiative


PE-14 TEMPERATURE AND HUMIDITY CONTROLS



Yüklə 5,64 Mb.
səhifə112/186
tarix08.01.2019
ölçüsü5,64 Mb.
#93199
1   ...   108   109   110   111   112   113   114   115   ...   186



PE-14 TEMPERATURE AND HUMIDITY CONTROLS


Control: The organization:

  1. Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and

  2. Monitors temperature and humidity levels [Assignment: organization-defined frequency].

Supplemental Guidance: This control applies primarily to facilities containing concentrations of information system resources, for example, data centers, server rooms, and mainframe computer rooms. Related control: AT-3.

Control Enhancements:

  1. temperature and humidity controls | automatic controls

The organization employs automatic temperature and humidity controls in the facility to prevent fluctuations potentially harmful to the information system.

  1. temperature and humidity controls | monitoring with alarms / notifications

The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment.

References: None.

Priority and Baseline Allocation:

P1

LOW PE-14

MOD PE-14

HIGH PE-14



PE-15 WATER DAMAGE PROTECTION


Control: The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.

Supplemental Guidance: This control applies primarily to facilities containing concentrations of information system resources including, for example, data centers, server rooms, and mainframe computer rooms. Isolation valves can be employed in addition to or in lieu of master shutoff valves to shut off water supplies in specific areas of concern, without affecting entire organizations. Related control: AT-3.

Control Enhancements:

  1. water damage protection | automation support

The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [Assignment: organization-defined personnel or roles].

Supplemental Guidance: Automated mechanisms can include, for example, water detection sensors, alarms, and notification systems.

References: None.

Priority and Baseline Allocation:

P1

LOW PE-15

MOD PE-15

HIGH PE-15 (1)



PE-16 DELIVERY AND REMOVAL


Control: The organization authorizes, monitors, and controls [Assignment: organization-defined types of information system components] entering and exiting the facility and maintains records of those items.

Supplemental Guidance: Effectively enforcing authorizations for entry and exit of information system components may require restricting access to delivery areas and possibly isolating the areas from the information system and media libraries. Related controls: CM-3, MA-2, MA-3, MP-5, SA-12.

Control Enhancements: None.

References: None.

Priority and Baseline Allocation:

P2

LOW PE-16

MOD PE-16

HIGH PE-16



PE-17 ALTERNATE WORK SITE


Control: The organization:

  1. Employs [Assignment: organization-defined security controls] at alternate work sites;

  2. Assesses as feasible, the effectiveness of security controls at alternate work sites; and

  3. Provides a means for employees to communicate with information security personnel in case of security incidents or problems.

Supplemental Guidance: Alternate work sites may include, for example, government facilities or private residences of employees. While commonly distinct from alternative processing sites, alternate work sites may provide readily available alternate locations as part of contingency operations. Organizations may define different sets of security controls for specific alternate work sites or types of sites depending on the work-related activities conducted at those sites. This control supports the contingency planning activities of organizations and the federal telework initiative. Related controls: AC-17, CP-7.

Control Enhancements: None.

References: NIST Special Publication 800-46.

Priority and Baseline Allocation:



Yüklə 5,64 Mb.

Dostları ilə paylaş:
1   ...   108   109   110   111   112   113   114   115   ...   186




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin