Back

Install an Uninterruptible Power Supply sized to support all critical systems.


CONTROL ID
00725
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Document the uninterrupted power requirements for all in scope systems., CC ID: 06707

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • F37.2: The organization shall install an emergency power generator for each automatic fire alarm system in the computer and data storage rooms. F61: The organization shall allow for a sufficient margin for capacity of the power supply facilities to ensure there is a steady supply of electricity to t… (F37.2, F61, F62, F63, F63.1, F63.2, F64, F64.3, F64.4, F71, F106, F108, F108.2, F109, F109.3, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • To ensure the steady supply of electric power to the computer systems, it is necessary to allow an adequate margin in the power capacity of the power supply facilities. (F61.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To ensure that the computer systems can operate consistently in a stable state, an UPS (Uninterruptible Power Supply) should be installed for supply of electric power of high quality. (F63.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that UPS be capable of receiving the supply of power from a private power generation facility to ensure uninterrupted operation even in the event of failure of commercial power for a prolonged period of time. The storage battery, charger, and other equipment connected to the UPS mu… (F63.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • As for the lighting and air-conditioners necessary for the operation of a computer system, it is recommended that its power can also be supplied from a private power generation facility. Since it takes some time to switch over to the private power generation facility, room temperature will rise and … (F64.3., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that servers, etc. be equipped with uninterruptible power supplies (UPS) in order to avoid the destruction of data due to power failure. (F109.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To ensure there is sufficient backup power, the FI should install backup power consisting uninterruptible power supplies, battery arrays, and/or diesel generators. (§ 10.3.4, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • A power distribution board with a feed from an Uninterruptible Power Supply is used to power all TOP SECRET ICT equipment. (Control: ISM-1123; Revision: 3, Australian Government Information Security Manual, June 2023)
  • A power distribution board with a feed from an Uninterruptible Power Supply is used to power all TOP SECRET ICT equipment. (Control: ISM-1123; Revision: 3, Australian Government Information Security Manual, September 2023)
  • Top secret facilities should have the power distribution board in a top secret area and a feed from an Uninterruptible Power Supply in order to power all of the equipment. (Control: 1123, Australian Government Information Security Manual: Controls)
  • Top secret facilities must have the power distribution board in a top secret area and a feed from an Uninterruptible Power Supply in order to power all of the equipment in facilities where the facility is shared by government organizations and non-government organizations. (Control: 1135, Australian Government Information Security Manual: Controls)
  • The data center should have some form of backup uninterruptible power supply (UPS). It should be sized according to the number of systems it will need to support and how long it needs to keep the systems running after a power failure. (Annex E.2.1, PAS 77 IT Service Continuity Management. Code of Practice, 2006)
  • Security systems should have an emergency power system to ensure a continuous power supply. A standby emergency power source (usually a power generator) is the most effective method of providing power in the event of an outage. An Uninterruptible Power Supply (UPS) provides continuous power to the s… (Pg 6-I-20 thru Pg 6-I-23, Pg 19-IV-6, Protection of Assets Manual, ASIS International)
  • The power supply to critical facilities should be protected by using Uninterruptible Power Supply devices. (CF.19.02.02a, The Standard of Good Practice for Information Security)
  • The power supply to critical facilities should be protected by using Uninterruptible Power Supply devices. (CF.19.02.02a, The Standard of Good Practice for Information Security, 2013)
  • ¶ 8.1.7(6) Physical Security. An organization should combine the identification of the environment with safeguards which deal with physical protection. The following items may apply to buildings, secure areas, computer rooms and offices. The safeguard selection depends on which part of the building… (¶ 8.1.7(6), ¶ 10.3.8, ISO 13335-4 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards, 2000)
  • Service providers should ensure procedures and policies have been implemented to provide an adequate supply of electrical power is always available. Procedures should be implemented to ensure the power supply meets the minimum redundancy, reliability, security, and quality standards, including monit… (§ 6.8.1, § 6.8.2, § 6.8.3, § 6.8.4, ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008)
  • To protect the equipment from power failures, an uninterruptible power supply (UPS) should be used to provide enough power to shut down the system in an orderly fashion. (§ 9.2.2, ISO 27002 Code of practice for information security management, 2005)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Do the UPSes in the battery/UPS room support all necessary availability needs? (§ F.1.5.7, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • The organization must have an uninterruptible power supply or a backup generator to shut down the system in an orderly manner. In the case of an extended primary power source loss, the organization must have a redundant and parallel power cabling path or a long-term alternate power supply that can p… (CSR 5.1.3, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • The organization will use Uninterruptible Power Supplies (UPS) for power surges or failures. (Pg 47, C-TPAT Supply Chain Security Best Practices Catalog)
  • An emergency backup power plan must exist for the electrical systems that support the physical Intrusion Detection Systems. (§ 3.5.7 ¶ 3, DISA Access Control STIG, Version 2, Release 3)
  • The lighting system and alarm system should have a secondary power supply that is protected and starts automatically when the power fails. (Protective Lighting, Protective Alarms, DOT Physical Security Survey Checklist)
  • Use of independent electrical feeds drawing from separate power grids and automatic fail-over to a live power source, where multiple feeds or backup power generators are used. (App A Objective 13:9d Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • An alternate power supply, such as an uninterruptible power supply (UPS), should be installed at all facilities. The UPS should have enough capacity to shut down the system in an orderly manner. If systems need continuous power supplies, the organization should implement power generators. (Pg C-6, Exam Tier II Obj 1.3, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • All computing equipment should have a continuous power supply. The equipment should be wired to automatically switch power sources if the main power source is disrupted. When an uninterruptible power supply (UPS) is used, it should be configured to provide enough power until the back-up generator ta… (Pg 17, Pg 18, Exam Tier II Obj D.1, FFIEC IT Examination Handbook - Operations, July 2004)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, FedRAMP Security Controls High Baseline, Version 5)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Has an Uninterruptible Power Supply been installed? (IT - General Q 9, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have adequate Uninterruptible Power Supply protection to conduct an orderly shutdown? (IT - Business Continuity Q 17, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is the firewall connected to an Uninterruptible Power Supply? (IT- Firewalls Q 29, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • The document calls for Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems;… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records, documents, and the facility should be examined to ensure an Uninterruptible Power Supply (UPS) has been installed to provide for the shutting down of the system when power is lost; tests have been performed on the UPS to ensure it functions; a secondary power system is availa… (PE-11, PE-11(1), PE-11(2), Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control: Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Power. Reliable power for the ICS is essential, so an uninterruptible power supply (UPS) should be provided. If the site has an emergency generator, the UPS battery life may only need to be a few seconds; however, if the site relies on external power, the UPS battery life may need to be hours. It sh… (§ 6.2.11 ICS-specific Recommendations and Guidance ¶ 4 Bullet 6, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Mainframes require different contingency strategies from distributed systems because data is stored in a single location. Contingency strategies should emphasize the mainframe's data storage capabilities and underlying architecture. Redundant system components are critical to ensure that a failure o… (§ 5.4.2 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • The organization should provide long-term alternate power supplies capable of providing the minimally required operational needs for an extended loss of the primary power supply. (SG.PE-9 Requirement Enhancements 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization provides a short-term uninterruptible power supply to facilitate {an orderly shutdown of the information system} in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate {transition of the information system to long-term alternate power} in the event of a primary power source loss. (PE-11, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate {an orderly shutdown of the information system} in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate {transition of the information system to long-term alternate power} in the event of a primary power source loss. (PE-11, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate {an orderly shutdown of the information system} in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate {transition of the information system to long-term alternate power} in the event of a primary power source loss. (PE-11, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide an uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the system; transition of the system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss. (PE-11 Control, TX-RAMP Security Controls Baseline Level 2)