Status: Live
The organization will maintain heat and smoke detection devices and systems. [UCF ID 00728]
Supporting and supported controls
This control directly supports:
- Maintain adequate environmental controls [UCF Control ID 00724]
There are no supporting controls.
Authority documents complied with:
AICPA Suitable Trust Services Principles and Criteria, ¶ .20 § 3.1, ¶ .24 § 3.17; FFIEC IT Examination Handbook – Business Continuity Planning, March 2008, Pg C-3; FFIEC IT Examination Handbook – Operations, July 2004, Pg 19, Exam Tier I Obj 7.1, Exam Tier II Obj D.1; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, § 3; Federal Information System Controls Audit Manual (FISCAM), February 2009, SC-2.2; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 2, PE-13; The Standard of Good Practice for Information Security, CI2.6.3; Archer Control Table, ATCS-126, ATCS-127, ATCS-128, ATCS-129, ATCS-132, ATCS-134, ATCS-142
Sarbanes Oxley Guidance
The organization should have heat and smoke detectors installed. [¶ .20 § 3.1, ¶ .24 § 3.17, AICPA Suitable Trust Services Principles and Criteria]
Banking and Finance Guidance
All facilities should have smoke and heat detectors in the ceilings, under raised flooring, and in exhaust ducts. [Pg C-3, FFIEC IT Examination Handbook – Business Continuity Planning, March 2008]
The organization should install heat and smoke detectors on the ceiling, in exhaust ducts, and under raised flooring. [Pg 19, Exam Tier I Obj 7.1, Exam Tier II Obj D.1, FFIEC IT Examination Handbook – Operations, July 2004]
US Federal Security Guidance
For Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supporting utilities for information systems; (iv) protect information systems against environmental hazards; and (v) provide appropriate environmental controls in facilities containing information systems. [§ 3, FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006]
For Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supporting utilities for information systems; (iv) protect information systems against environmental hazards; and (v) provide appropriate environmental controls in facilities containing information systems. [SC-2.2, Federal Information System Controls Audit Manual (FISCAM), February 2009]
NIST Guidance
For high-impact systems, the fire suppression and detection devices/systems provide automatic notification of any activation to the organization and emergency responders. [PE-13, Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 2]
General Guidance
All facilities should have fire alarms that are tested regularly and maintained in accordance with the manufacturer's recommendations. [CI2.6.3, The Standard of Good Practice for Information Security]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
