Back

Install and maintain redundant power supplies for critical facilities.


CONTROL ID
06355
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain organizational facility continuity plans., CC ID: 02224

This Control has the following implementation support Control(s):
  • Install and maintain Emergency Power Supply shutdown devices or Emergency Power Supply shutdown switches., CC ID: 01439
  • Install and maintain dedicated power lines to critical facilities., CC ID: 06357
  • Run primary power lines and secondary power lines via underground diverse path feeds to organizational facilities, as necessary., CC ID: 06696
  • Install electro-magnetic shielding around all electrical cabling., CC ID: 06358
  • Install electrical grounding equipment., CC ID: 06359


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • F68: The organization shall use different power supply facilities between a computer system and devices with significantly varying loads to ensure a stable supply of electric power to the computer systems. F73: The organization shall ensure the air-conditioning facilities have a sufficient capacity … (F68, F73, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Information processing facilities should be protected from power failures and other disruptions caused by failures in supporting utilities. (§ 7.11 Control, ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls, Third Edition)
  • Identify multiple power sources. (App A Objective 6:2b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Alternate energy sources (e.g., generators and multiple power grids). (App A Objective 6:7a, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Continued maintenance of generators. (App A Objective 6:7c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Consideration of long-term alternate power supply to provide operational capability during extended power outages. (App A Objective 13:9d Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Use of independent electrical feeds drawing from separate power grids and automatic fail-over to a live power source, where multiple feeds or backup power generators are used. (App A Objective 13:9d Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)