Protect physical assets from water damage.


CONTROL ID: 00730
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Employ environmental protections. (CC ID: 12570)

This Control has the following implementation support Control(s):
  • Notify interested personnel and affected parties when water is detected in the vicinity of information systems. (CC ID: 14252)
  • Install and maintain water detection devices. (CC ID: 11678)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • To protect the computer systems against possible failure due to water leakage caused by deteriorated waterproofing and/or the drainage capabilities of exterior walls, roofs, and other structural members used for a prolonged period of time, or heavy rain exceeding the drainage capacity and/or drain o… (F12.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • As a countermeasure against flood damage, it is recommended that building entrances be elevated from the ground and accessible by stairs, and that slopes should be provided for roads. (F18.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended to limit the extent of possible water leakage due to the damaged piping caused by earthquake or other events. (F21.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to take measures against leakage from the ceiling, walls and floor. (F32.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Install drainage conduits below the free-access floor in order to prevent possible spread of damage due to the water discharged for firefighting. (F39.4. ¶ 1(2) ¶ 1 1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Make proper provisions for draining the water discharged and protecting the rooms against drying. (F39.4. ¶ 1(2) ¶ 1 2), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In a case where you cannot avoid installing water-cooled computers, air-conditioning facilities, and/or other equipment that uses water in the computer room, provide proper precautions against water leakage around the equipment, including installation of proper water leakage detection systems, catch… (F43.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In order to prevent water leakage, it is necessary to avoid installation of water use facilities such as sinks, hot water supply facilities and the like (not including fire extinguishing equipment). In addition, to ensure the protection against water leakage from the walls, ceiling, and floor of the… (F43.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In cases when indoor-type power supply facilities and air-conditioning facilities are installed also in the computer room and not only in independent dedicated power supply room and air-conditioner room, proper fire prevention and waterproofing precautions should be taken. (F54.2. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In air-conditioner rooms, it is necessary to install catch pans, water barriers, drain inlets, and other means near or directly below the air-conditioning facilities to prevent water leakage due to leakage for cooling water from air-conditioning facilities, condensation, clogging with dust, and othe… (F59.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Fresh-air inlets and air exhaust openings installed in the exterior walls should also be designed with proper waterproofing structure to eliminate infiltration of rainwater. (F59.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To protect terminal devices and other computer systems against possible failure due to water leakage caused by deteriorated waterproof and/or drainage capabilities of exterior walls, roofs, and other structural members used for a prolonged period of time or heavy rain exceeding the drainage capacity… (F87.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In areas prone to inundation, it is recommended that proper precautions be implemented against infiltration for terminal devices and other various pieces of equipment and important documents in preparation for possible flooding in the business room in addition to the water-proofing measures describe… (F93.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To protect the terminal devices against a possible failure due to water leakage, dust particles, smoke, or other factors, it is recommended to use waterproof and dust-proof covers and/or install required air-conditioning facilities while the terminal device operation is suspended. (F120.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that terminal devices should be equipped with water-proof protection and protected against possible damage by infiltration of rain water to the business office. (F93.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To protect the servers against damage due to water leakage, it is recommended to take proper precautions against water leakage from ceilings, walls, and floors. (F126.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended to install the servers in proper locations where adequate protection against water leakage is implemented. For precautions against water leakage, refer to [F32]. (F126.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The organization should implement mechanisms to monitor for and alert individuals when a compromise of the water control is detected. (¶ 56(c), APRA Prudential Practice Guide 234: Management of security risk in information and information technology)
  • Physical Security. An organization should combine the identification of the environment with safeguards which deal with physical protection. The following items may apply to buildings, secure areas, computer rooms and offices. The safeguard selection depends on which part of the building is consider… (¶ 8.1.7(3), ISO 13335-4 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards, 2000)
  • The building should provide fire protection, a suitable range and stability of temperature and humidity levels, safety measures, water damage protection, contaminant protection, controlled access to storage areas, protection against damage by insects or vermin, and detection systems for unauthorized… (§ 4.3.7.2 ¶ 1(b), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Do the physical security and environmental controls present in the building / data centers that contain scoped systems and data include a fluid sensor or water sensor? (§ F.1.2.17, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Does the data center that contains scoped systems and data have a fluid sensor or water sensor? (§ F.2.2, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • The organization must know where the building plumbing lines are located and that they do not endanger the computer facility or, at a minimum, there are shutoff valves and the operating procedures are known. The organization must implement automated mechanisms to automatically close the shutoff valv… (CSR 5.1.8, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, FedRAMP Security Controls High Baseline, Version 5)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, FedRAMP Security Controls Low Baseline, Version 5)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • For Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supp… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records, documents, and the facility should be examined to ensure a master shutoff valve for the water pipes is present and working properly; personnel know where the master shutoff valve is located; automated mechanisms are used to close the shutoff valve automatically when a major l… (PE-15, PE-15(1), Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control: Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must protect the Information System from water damage resulting from water leakage by ensuring that master shutoff valves are accessible, working properly, and known to key personnel. (App F § PE-15, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should provide automated mechanisms to close shutoff valves in the event of a significant water leak. (App F § PE-15(1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts {organizationally documented personnel}. (PE-15(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts {organizationally documented roles}. (PE-15(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts {organizationally documented personnel}. (PE-15(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts {organizationally documented roles}. (PE-15(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, TX-RAMP Security Controls Baseline Level 1)
  • The organization protects the information system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. (PE-15 Control, TX-RAMP Security Controls Baseline Level 2)