Establish, implement, and maintain a fire prevention and fire suppression standard.


CONTROL ID: 06695
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an environmental control program. (CC ID: 00724)

This Control has the following implementation support Control(s):
  • Install and maintain fire protection equipment. (CC ID: 00728)
  • Install and maintain fire suppression systems. (CC ID: 00729)
  • Install and maintain smoke detectors. (CC ID: 15264)
  • Conduct periodic fire marshal inspections for all organizational facilities. (CC ID: 04888)
  • Install and maintain fire-retarding divisions such as fire doors in accordance with applicable building codes. (CC ID: 06362)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • It is recommended that there be sufficient space between adjacent buildings in order to prevent the possible spread of fire, and to facilitate firefighting. (F4.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that firefighting be quickly carried out in the event of fire and that the computer system equipment and data in storage located in an area left free from the fire be available to reuse as soon as possible after extinguishing the fire without any damage. For this purpose, proper fi… (F39.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Fixtures and furnishings used in the computer room and data storage room should be made from steel, aluminum, or other proper incombustible materials to eliminate possible emission of harmful smoke or fumes in the event of fire, and bringing any combustible chairs or other items into the rooms shoul… (F48.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Select proper locations and methods for use, paying attention to possible effects of fire-extinguishing agent on the human body. (F39.3. ¶ 1(3) ¶ 1 1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Choose an appropriate safe depending on the contents to be maintained and available fire extinguishing facilities since the fire resistive period varies according to the performance rating of the fire-resistant safe. (F101.1. ¶ 2(1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The locations where servers are installed contain equipment susceptible to damage due to fire, and those locations are normally unattended, and therefore, special attention should be paid to fire prevention. In addition, in selection of fire extinguishers, careful consideration should be given to th… (F128.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The FI should implement appropriate fire protection and suppression systems in the DC to control a full scale fire if it occurs. The FI should install smoke detectors and hand-held fire extinguishers in the DC and implement passive fire protection elements, such as fire walls around the DC, to restr… (§ 10.3.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • As part of the DC's environmental controls, the FI should implement fire detection and suppression devices or systems, such as smoke or heat detectors, inert gas suppression systems, and wet or dry sprinkler systems. (§ 8.5.3, Technology Risk Management Guidelines, January 2021)
  • Critical facilities should be free from intrinsic fire hazards (such as paper or chemicals). (CF.19.03.02a, The Standard of Good Practice for Information Security)
  • Fire alarms should be monitored continuously. (CF.19.03.03-1, The Standard of Good Practice for Information Security)
  • Fire alarms should be tested regularly. (CF.19.03.03-2, The Standard of Good Practice for Information Security)
  • Fire alarms should be serviced in accordance with manufacturer specifications. (CF.19.03.03-3, The Standard of Good Practice for Information Security)
  • Critical facilities should be free from intrinsic fire hazards (such as paper or chemicals). (CF.19.03.02a, The Standard of Good Practice for Information Security, 2013)
  • Fire alarms should be monitored continuously. (CF.19.03.03-1, The Standard of Good Practice for Information Security, 2013)
  • Fire alarms should be tested regularly. (CF.19.03.03-2, The Standard of Good Practice for Information Security, 2013)
  • Fire alarms should be serviced in accordance with manufacturer specifications. (CF.19.03.03-3, The Standard of Good Practice for Information Security, 2013)
  • Smoke and fire mitigation strategies, including: (App A Objective 13:9b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Environmental Control Systems. Heating, ventilation, and air conditioning (HVAC) systems for control rooms must support plant personnel during normal operation and emergency situations, which could include the release of toxic substances. Fire systems must be carefully designed to avoid causing more… (§ 6.2.11 ICS-specific Recommendations and Guidance ¶ 4 Bullet 5, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization should use an automatic fire suppression capability when the facility is not staffed on a continuous basis. (App F § PE-13(3), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization employs an automatic fire suppression capability for the information system when the facility is not staffed on a continuous basis. (PE-13(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs an automatic fire suppression capability for the information system when the facility is not staffed on a continuous basis. (PE-13(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs an automatic fire suppression capability for the information system when the facility is not staffed on a continuous basis. (PE-13(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)