Back

Install and maintain Emergency Power Supply shutdown devices or Emergency Power Supply shutdown switches.


CONTROL ID
01439
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Install and maintain redundant power supplies for critical facilities., CC ID: 06355

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • In order to prevent overheating or burning of the wiring or electrical machinery from current surge, it is essential to install overcurrent circuit breakers. (F70.3., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The power supply to critical facilities should be protected by locating emergency power-off switches near emergency exits to facilitate rapid power-down in case of an emergency. (CF.19.02.02e, The Standard of Good Practice for Information Security)
  • Uninterruptible Power Supply devices should have the battery capacity to allow critical information systems, network equipment, voice facilities, and supporting systems to shut down in an orderly manner. (CF.19.02.03, The Standard of Good Practice for Information Security)
  • The power supply to critical facilities should be protected by locating emergency power-off switches near emergency exits to facilitate rapid power-down in case of an emergency. (CF.19.02.02e, The Standard of Good Practice for Information Security, 2013)
  • Uninterruptible Power Supply devices should have the battery capacity to allow critical information systems, network equipment, voice facilities, and supporting systems to shut down in an orderly manner. (CF.19.02.03, The Standard of Good Practice for Information Security, 2013)
  • Service providers should ensure emergency power circuit breakers have been installed in areas that have potential fire hazards because of the heat given off by electrical devices. Emergency power circuit breakers should be installed in areas that have equipment that consumes a large amount of power;… (§ 6.8.6, ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008)
  • Emergency power off switches should be located near all emergency exits to allow for a fast shutdown of the equipment in case of an emergency. (§ 9.2.2, ISO 27002 Code of practice for information security management, 2005)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization must implement, maintain, and prominently mark a master power switch or emergency cut-off switch for the data centers, mainframe, and server rooms. The switch also must be protected by a cover. (CSR 5.1.5, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • The facility must have an emergency cut-off switch or a master power switch to the Information Technology equipment installed. (PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • A master power switch is located near the main entrance of the it area. (PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • A master power switch is labeled as being the master power switch. (PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • A master power switch is protected by a cover to prevent accidental shut-off. (PEMS-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The data center should have emergency power shutoff switches that are unobstructed and clearly visible. The shutoff switches also should turn off the air conditioning system. (Pg C-3, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • The service provider must define the locations of the emergency shutoff switches. (Column F: PE-10b, FedRAMP Baseline Security Controls)
  • The joint authorization board must approve and accept the locations of the emergency shutoff switches. (Column F: PE-10b, FedRAMP Baseline Security Controls)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., FedRAMP Security Controls High Baseline, Version 5)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., FedRAMP Security Controls High Baseline, Version 5)
  • Place emergency shutoff switches or devices in [FedRAMP Assignment: near more than one egress point of the IT area and ensures it is labeled and protected by a cover to prevent accidental shut-off] to facilitate access for authorized personnel; and (PE-10b., FedRAMP Security Controls High Baseline, Version 5)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Place emergency shutoff switches or devices in [FedRAMP Assignment: near more than one egress point of the IT area and ensures it is labeled and protected by a cover to prevent accidental shut-off] to facilitate access for authorized personnel; and (PE-10b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Place emergency shutoff switches or devices in [Assignment: organization-defined location by system or system component] to facilitate access for authorized personnel; and (PE-10b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Place emergency shutoff switches or devices in [Assignment: organization-defined location by system or system component] to facilitate access for authorized personnel; and (PE-10b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Physical and Environmental Protection (PE): Organizations must: (i) limit physical access to information systems, equipment, and the respective operating environments to authorized individuals; (ii) protect the physical plant and support infrastructure for information systems; (iii) provide supporti… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records, documents, and the facility should be examined to ensure an emergency shutoff is available and functioning to remove power from any components that are threatened or malfunctioning and specific responsibilities and actions are defined for the implementation of the emergency s… (PE-10, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must protect the emergency power-off button from being activated, either accidentally or intentionally. (SG.PE-8 Requirement, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must provide a way to shut off power to the system or individual components in emergency situations. (App F § PE-10.a, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must install emergency shutoff switches or devices in organization-defined locations to facilitate safe and easy access. (App F § PE-10.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must protect the emergency power shutoff switch from unauthorized activation. (App F § PE-10.c, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization provides the capability of shutting off power to the information system or individual system components in emergency situations. (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization places emergency shutoff switches or devices in {organizationally documented location by information system or system component} to facilitate safe and easy access for personnel. (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides the capability of shutting off power to the information system or individual system components in emergency situations. (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization places emergency shutoff switches or devices in {organizationally documented location by information system or system component} to facilitate safe and easy access for personnel. (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides the capability of shutting off power to the information system or individual system components in emergency situations. (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization places emergency shutoff switches or devices in {organizationally documented location by information system or system component} to facilitate safe and easy access for personnel. (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Place emergency shutoff switches or devices in [Assignment: organization-defined location by system or system component] to facilitate access for authorized personnel; and (PE-10b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide the capability of shutting off power to [Assignment: organization-defined system or individual system components] in emergency situations; (PE-10a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Protect emergency power shutoff capability from unauthorized activation. (PE-10c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Place emergency shutoff switches or devices in [Assignment: organization-defined location by system or system component] to facilitate access for authorized personnel; and (PE-10b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Provides the capability of shutting off power to the information system or individual system components in emergency situations; (PE-10a., TX-RAMP Security Controls Baseline Level 2)
  • Protects emergency power shutoff capability from unauthorized activation. (PE-10c., TX-RAMP Security Controls Baseline Level 2)
  • Places emergency shutoff switches or devices in [Assignment: organization-defined location by information system or system component] to facilitate safe and easy access for personnel; and (PE-10b., TX-RAMP Security Controls Baseline Level 2)