Establish, implement, and maintain appropriate shutdown procedures.
CONTROL ID 01778
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the "Shutdown: Allow system to be shut down without having to log on" setting., CC ID: 01779
Configure the "Shutdown: Clear virtual memory pagefile" setting., CC ID: 01780
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
In cases where computer systems are manually shut down in response to alarms and the displayed seismic intensity, responsible personnel must provide instructions in reference to the above- mentioned criteria to implement predetermined procedures. (F44.2. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
CSR 3.6.6: The organization must protect the operating system's operational status and restart integrity during and after shutdowns.
CSR 10.10.1(8): The organization must only allow authorized users to shut down network components. (CSR 3.6.6, CSR 10.10.1(8), Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
Processes to power down IT systems in an orderly manner to maintain critical information for later recovery, in cases where power cannot be maintained (e.g., during emergencies). (App A Objective 13:9d Bullet 8, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)