Establish and maintain emergency power shutoff devices.

UCF ID: 01439
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Business Continuity Planning, March 2008, Pg C-3; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, § 3; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3, App F § PE-10; Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008, PE-10; The Standard of Good Practice for Information Security, CI2.7.2(d); ISO/IEC 17799 Code of Practice for Information Security Management, 2005, § 9.2.2; ISO/IEC 27002 Code of practice for information security management, 2005, § 9.2.2; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEMS-1; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEMS-1; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEMS-1; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEMS-1; ISO/IEC 24762 Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services, 2008, § 6.8.6

Banking and Finance Guidance

The data center should have emergency power shutoff switches that are unobstructed and clearly visible. The shutoff switches also should turn off the air conditioning system. [Pg C-3, FFIEC IT Examination Handbook – Business Continuity Planning, March 2008]

US Federal Security Guidance

Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supporting utilities for information systems; (iv) protect information systems against environmental hazards; and (v) provide appropriate environmental controls in facilities containing information systems. [§ 3, FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006]

A master power switch or emergency cut-off switch to IT equipment is present. [PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

A master power switch is located near the main entrance of the IT area. [PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

A master power switch is labeled as being the Master Power Switch. [PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

A master power switch is protected by a cover to prevent accidental shut-off. [PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

NIST Guidance

The organization must establish and maintain emergency shutoff policies and procedures to provide the capability to shut off power to the system or systems in emergency situations; place emergency shutoff switches or devices in designated locations to provide safe and easy access for personnel; and prevent unauthorized activation of emergency power shutoff. [App F § PE-10, Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3]

Organizational records, documents, and the facility should be examined to ensure an emergency shutoff is available and functioning to remove power from any components that are threatened or malfunctioning and specific responsibilities and actions are defined for the implementation of the emergency shutoff control. Any problems discovered during the implementation of the emergency shutoff control should be documented and used to improve the controls.
Interviews should be conducted with personnel who work in data centers, server rooms, and/or mainframe rooms to ensure a power shutoff button exists and the personnel know where it is located. [PE-10, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008]

ISO Guidance

Emergency power off switches should be located near all emergency exits to allow for a fast shutdown of the equipment in case of an emergency. [§ 9.2.2, ISO/IEC 17799 Code of Practice for Information Security Management, 2005]

Emergency power off switches should be located near all emergency exits to allow for a fast shutdown of the equipment in case of an emergency. [§ 9.2.2, ISO/IEC 27002 Code of practice for information security management, 2005]

Service providers should ensure emergency power circuit breakers have been installed in areas that have potential fire hazards because of the heat given off by electrical devices. Emergency power circuit breakers should be installed in areas that have equipment that consumes a large amount of power; be installed next to entrance doors that are designated to an organization; be installed near individual organizational designated areas that are shared by organizations; be protected by a cover; and cause all power supplies, including UPS, to be cut off during an emergency. Operational instructions should be prominently displayed. [§ 6.8.6, ISO/IEC 24762 Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services, 2008]

General Guidance

Emergency power off switches should be placed near emergency exits. [CI2.7.2(d), The Standard of Good Practice for Information Security]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.