Establish and maintain emergency lighting in the facility that activates during a power failure.

UCF ID: 01440
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

There are no supporting controls.

Authority documents complied with:

DOT Physical Security Survey Checklist, Protective Lighting; FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, § 3; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3, App F § PE-12; Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008, PE-12; The Standard of Good Practice for Information Security, CI2.7.2(c); ISO/IEC 17799 Code of Practice for Information Security Management, 2005, § 9.2.2; ISO/IEC 27002 Code of practice for information security management, 2005, § 9.2.2; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEEL-1; DoD Instruction 8500.2 Information Assurance (IA) Implementation, PEEL-1

US Federal Security Guidance

The emergency lighting should be tested frequently and should automatically start when it is needed. [Protective Lighting, DOT Physical Security Survey Checklist]

Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supporting utilities for information systems; (iv) protect information systems against environmental hazards; and (v) provide appropriate environmental controls in facilities containing information systems. [§ 3, FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006]

An automatic emergency lighting system is installed that covers emergency exits. [PEEL-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

An automatic emergency lighting system is installed that covers evacuation routes. [PEEL-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

NIST Guidance

The organization must establish and maintain emergency lighting policies and procedures to maintain automatic emergency lighting for the information system that activates during a power outage or disruption and that covers emergency exits and evacuation routes within the facility. [App F § PE-12, Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3]

Organizational records, documents, and the facility should be examined to ensure an emergency lighting system is installed and starts automatically when a power outage occurs; the emergency lighting covers the emergency exits and evacuation routes; the emergency lighting system has been tested and functions correctly; and specific responsibilities and actions are defined for the implementation of the emergency lighting control. Any problems discovered during the implementation of the emergency lighting control should be documented and used to improve the controls.
Interviews should be conducted with personnel involved in testing and maintaining the emergency lighting system. [PE-12, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A, July 2008]

ISO Guidance

If the main power fails, emergency lighting should be available. [§ 9.2.2, ISO/IEC 17799 Code of Practice for Information Security Management, 2005]

If the main power fails, emergency lighting should be available. [§ 9.2.2, ISO/IEC 27002 Code of practice for information security management, 2005]

General Guidance

The computer installation (facility) should have emergency lighting installed in case of a power loss. [CI2.7.2(c), The Standard of Good Practice for Information Security]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.