Back

Install and maintain redundant power supplies for critical facilities.


CONTROL ID
06355
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain organizational facility continuity plans., CC ID: 02224

This Control has the following implementation support Control(s):
  • Install and maintain Emergency Power Supply shutdown devices or Emergency Power Supply shutdown switches., CC ID: 01439
  • Install and maintain dedicated power lines to critical facilities., CC ID: 06357
  • Run primary power lines and secondary power lines via diverse path feeds to organizational facilities, as necessary., CC ID: 06696
  • Install electro-magnetic shielding around all electrical cabling., CC ID: 06358
  • Install electrical grounding equipment., CC ID: 06359


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • F68: The organization shall use different power supply facilities between a computer system and devices with significantly varying loads to ensure a stable supply of electric power to the computer systems. F73: The organization shall ensure the air-conditioning facilities have a sufficient capacity … (F68, F73, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • For the power supply and monitoring facilities, the connection lines should be correctly identified and they should be properly maintained even after any change or extension work. (P54.8., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In order to ensure stable power supply to a computer system, even when a power receiving/transforming facility fails, use of multiple lead-in lines to draw in power from a power supplier is recommended. (F62.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that UPS be capable of receiving the supply of power from a private power generation facility to ensure uninterrupted operation even in the event of failure of commercial power for a prolonged period of time. The storage battery, charger, and other equipment connected to the UPS mu… (F63.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Every automatic fire alarm system needs to be provided with a standby power supply in preparation for any failure of commercial power. (F37.2. ¶ 3, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Note that it is recommended to employ more than one main line from a power supply room to a distribution board in order to minimize the influence of accidents and for maintenance operations. (F67.2. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To ensure proper temperature and humidity conditions, it is recommended that dedicated air- conditioning facilities be installed. In cases where dedicated air-conditioners are required to ensure proper temperature and humidity conditions for the operating conditions of servers, it is necessary to in… (F132.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • A redundant supply for media (e.g. electricity, communication connections) is provided. (3.1.2 Requirements (should) Bullet 6, Information Security Assessment, Version 5.1)
  • Information processing facilities should be protected from power failures and other disruptions caused by failures in supporting utilities. (§ 7.11 Control, ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls, Third Edition)
  • Identify multiple power sources. (App A Objective 6:2b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Alternate energy sources (e.g., generators and multiple power grids). (App A Objective 6:7a, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Continued maintenance of generators. (App A Objective 6:7c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Consideration of long-term alternate power supply to provide operational capability during extended power outages. (App A Objective 13:9d Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Use of independent electrical feeds drawing from separate power grids and automatic fail-over to a live power source, where multiple feeds or backup power generators are used. (App A Objective 13:9d Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The system and its data can become corrupt as a result of a power failure. Critical hardware, such as servers, can be configured with dual power supplies to prevent corruption. The two power supplies should be used simultaneously so that if the main power supply becomes overheated or unusable, the s… (§ 5.1.3 ¶ 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))