Back

Install and maintain a moisture control system as a part of the climate control system.


CONTROL ID
06694
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Heating Ventilation and Air Conditioning system., CC ID: 00727

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • It is necessary to install an automatic temperature and humidity recorder or a temperature and humidity alarm device. (F46.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Terminal devices may fail to operate correctly or can malfunction if the temperature and humidity in the head offices or branch offices exceed the allowable limits for proper operation of terminal devices. Therefore, air-conditioning facilities should be properly installed to maintain temperature an… (F110.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Installing a proper cooling water temperature controller for the water-cooling air- conditioning facilities to allow control of cooling water temperature. (F73.5. ¶ 1(1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Sensors to monitor temperature and humidity (Section 5.5 PS-03 Basic requirement ¶ 3 Bullet 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Does the organization have automatic humidity controls to prevent potentially harmful levels of humidity from ruining equipment? (Table Row II.64, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • The building should provide fire protection, a suitable range and stability of temperature and humidity levels, safety measures, water damage protection, contaminant protection, controlled access to storage areas, protection against damage by insects or vermin, and detection systems for unauthorized… (§ 4.3.7.2 ¶ 1(b), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Do the physical security and environmental controls present in the building / data centers that contain scoped systems and data include a moisture control system? (§ F.1.2.18, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • The facility must have humidity controls (manually or automatic) installed that sound an alarm when there are fluctuations that are potentially harmful to equipment operation or personnel. (PEHC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The facility must have automatic humidity controls installed in order to prevent harmful humidity fluctuations. (PEHC-2, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • Maintaining appropriate temperature and humidity levels. (App A Objective 13:9a Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Use of smoke, water, and power detection and mitigation devices and systems, as well as fire suppression systems. (App A Objective 14:1d Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The service provider must measure the humidity by dew point and temperatures at the server inlets. (Column F: PE-14a, FedRAMP Baseline Security Controls)
  • Maintains temperature and humidity levels within the facility where the information system resides at [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and (PE-14a. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Maintains temperature and humidity levels within the facility where the information system resides at [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and (PE-14a. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Maintains temperature and humidity levels within the facility where the information system resides at [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and (PE-14a. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Maintain [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]] levels within the facility where the system resides at [Assignment: organization-defined acceptable… (PE-14a., FedRAMP Security Controls High Baseline, Version 5)
  • Maintain [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]] levels within the facility where the system resides at [Assignment: organization-defined acceptable… (PE-14a., FedRAMP Security Controls Low Baseline, Version 5)
  • Maintain [FedRAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]] levels within the facility where the system resides at [Assignment: organization-defined acceptable… (PE-14a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Maintain [Selection (one or more): temperature; humidity; pressure; radiation; [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Maintain [Selection (one or more): temperature; humidity; pressure; radiation; [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Maintain [Selection (one or more): temperature; humidity; pressure; radiation; [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must monitor the temperature and humidity on a predefined frequency. (App F § PE-14.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should use automatic temperature and humidity controls to prevent fluctuations that could potentially harm the system. (App F § PE-14(1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization maintains temperature and humidity levels within the facility where the information system resides at {organizationally documented acceptable levels}. (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization monitors temperature and humidity levels {organizationally documented frequency}. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs automatic temperature and humidity controls in the facility to prevent fluctuations potentially harmful to the information system. (PE-14(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. (PE-14(2), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization maintains temperature and humidity levels within the facility where the information system resides at {organizationally documented acceptable levels}. (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization monitors temperature and humidity levels {organizationally documented frequency}. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization maintains temperature and humidity levels within the facility where the information system resides at {organizationally documented acceptable levels}. (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization monitors temperature and humidity levels {organizationally documented frequency}. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization maintains temperature and humidity levels within the facility where the information system resides at {organizationally documented acceptable levels}. (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization monitors temperature and humidity levels {organizationally documented frequency}. (PE-14b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Maintains temperature and humidity levels within the facility where the information system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization employs automatic temperature and humidity controls in the facility to prevent fluctuations potentially harmful to the information system. (PE-14(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Maintain [Selection (one or more): temperature; humidity; pressure; radiation; [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Maintain [Selection (one or more): temperature; humidity; pressure; radiation; [Assignment: organization-defined environmental control]] levels within the facility where the system resides at [Assignment: organization-defined acceptable levels]; and (PE-14a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Maintains temperature and humidity levels within the facility where the information system resides at [TX-RAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and (PE-14a., TX-RAMP Security Controls Baseline Level 1)
  • Maintains temperature and humidity levels within the facility where the information system resides at [TX-RAMP Assignment: consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and (PE-14a., TX-RAMP Security Controls Baseline Level 2)