Install and maintain an environment control monitoring system.


CONTROL ID: 06370
CONTROL TYPE: Monitor and Evaluate Occurrences
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Heating Ventilation and Air Conditioning system. (CC ID: 00727)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should consider fully the environmental threats (e.g. proximity to dangerous factories) when selecting the locations of their data centres. Moreover, physical and environmental controls should be implemented to monitor environmental conditions which could affect adversely the operation of inform… (3.6.2, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • F80: The organization shall install a monitor and control system for the air-conditioning facilities, power supply facilities, disaster control system, crime prevention system, and other systems to detect failure early. F81: The organization should install a central control and monitoring station fo… (F80, F81, O46, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Determine the air-conditioning capacity at the maximum load heat capacity based on the structure of the building, size of the computer room, heat generation from pieces of equipment installed in the rooms, intended use and service conditions of individual rooms, and other factors. Generally, it is c… (F72.1. ¶ 2(2), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to install an automatic temperature and humidity recorder or a temperature and humidity alarm device. (F46.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In addition, automatic temperature and humidity recorders or alarm systems for any exceptional temperature/humidity should be properly arranged based on the criticality of servers, the number of servers installed, and the environmental settings in the installed locations. (F131.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To facilitate the management and operation of a variety of sophisticated systems in the computer center and the early detection of any failure, the monitor and control system for power supply facilities, air-conditioning facilities, disaster control, crime prevention, and other systems should be ins… (F80.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The FI should implement appropriate fire protection and suppression systems in the DC to control a full scale fire if it occurs. The FI should install smoke detectors and hand-held fire extinguishers in the DC and implement passive fire protection elements, such as fire walls around the DC, to restr… (§ 10.3.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • physical measures to both protect the institution's critical ICT infrastructure (e.g. data centres) from environmental risks (e.g. flooding and other natural disasters) and ensure an appropriate operating environment for ICT systems (e.g. air conditioning); (Title 3 3.3.4(a) 54.b(v), Final Report Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP))
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Monitoring HVAC. (App A Objective 13:9a Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Implementing automated monitoring and providing an alarm or notification of significant temperature changes. (App A Objective 13:9a Bullet 3, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The service provider must measure the humidity by dew point and temperatures at the server inlets. (Column F: PE-14a, FedRAMP Baseline Security Controls)
  • Monitors temperature and humidity levels [FedRAMP Assignment: continuously]. (PE-14b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Monitors temperature and humidity levels [FedRAMP Assignment: continuously]. (PE-14b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Monitors temperature and humidity levels [FedRAMP Assignment: continuously]. (PE-14b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to [Assignment: organization-defined personnel or roles]. (PE-14(2) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Monitor environmental control levels [FedRAMP Assignment: continuously]. (PE-14b., FedRAMP Security Controls High Baseline, Version 5)
  • Monitor environmental control levels [FedRAMP Assignment: continuously]. (PE-14b., FedRAMP Security Controls Low Baseline, Version 5)
  • Monitor environmental control levels [FedRAMP Assignment: continuously]. (PE-14b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Monitor environmental control levels [Assignment: organization-defined frequency]. (PE-14b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Monitor environmental control levels [Assignment: organization-defined frequency]. (PE-14b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Monitor environmental control levels [Assignment: organization-defined frequency]. (PE-14b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Environmental Factors. In addressing the security needs of the system and data, it is important to consider environmental factors. For example, if a site is dusty, systems should be placed in a filtered environment. This is particularly important if the dust is likely to be conductive or magnetic, a… (§ 6.2.11 ICS-specific Recommendations and Guidance ¶ 4 Bullet 4, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must monitor the temperature and humidity on a predefined frequency. (App F § PE-14.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should use temperature and humidity monitoring to provide an alarm or notification of changes that could potentially harm equipment or personnel. (App F § PE-14(2), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Monitors temperature and humidity levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Monitor environmental control levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to [Assignment: organization-defined personnel or roles]. (PE-14(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Monitor environmental control levels [Assignment: organization-defined frequency]. (PE-14b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to [Assignment: organization-defined personnel or roles]. (PE-14(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Monitors temperature and humidity levels [TX-RAMP Assignment: continuously]. (PE-14b., TX-RAMP Security Controls Baseline Level 1)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2) ¶ 1, TX-RAMP Security Controls Baseline Level 2)
  • Monitors temperature and humidity levels [TX-RAMP Assignment: continuously]. (PE-14b., TX-RAMP Security Controls Baseline Level 2)