Back

Install a generator sized to support the facility.


CONTROL ID
06709
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Document the uninterrupted power requirements for all in scope systems., CC ID: 06707

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain a fuel supply large enough to support the generators during an emergency., CC ID: 06376


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • It is necessary to confirm the facilities, equipment, computer systems, etc. that can be used when the private power generation facility, etc. is activated in an emergency. Also, it is necessary to check the amount of electricity required by them at the time of addition, renewal, etc. of each device… (F64.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • As for the lighting and air-conditioners necessary for the operation of a computer system, it is recommended that its power can also be supplied from a private power generation facility. Since it takes some time to switch over to the private power generation facility, room temperature will rise and … (F64.3., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Install a private power generation facility and a storage battery facility to enable continued operations of the computer system even in the event of a power outage. (F64.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To ensure the secure evacuation of personnel and minimize possible impacts on the computer systems even if the supply of commercial power is interrupted due to earthquake, fire, or any other event, emergency power generators should be installed to assure correct functioning of the disaster control a… (F71.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To ensure the secure evacuation of personnel and minimize possible impacts on the computer systems even in the event of power failure due to earthquake or fire, disaster control and crime prevention systems should correctly function with emergency power generators. (F108.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is recommended that a private power generation facility and related facilities be installed in order to prevent online systems from going out of service during extended power failures. In some cases, the scale of head offices and branch offices and the ownership structure of the buildings make it… (F109.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The power supply to critical facilities should be protected by providing back-up electricity generators (supplied with adequate quantities of fuel) in the event of extended power failure. (CF.19.02.02c, The Standard of Good Practice for Information Security)
  • The power supply to critical facilities should be protected by providing back-up electricity generators (supplied with adequate quantities of fuel) in the event of extended power failure. (CF.19.02.02c, The Standard of Good Practice for Information Security, 2013)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Does the data center that contains scoped systems and data have a generator? (§ F.2.12, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Does the generator or generator area have adequate capacity to supply power for at least 48 hours? (§ F.1.6.2, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • The electrical system must be configured for continuous power or uninterrupted power to the key Information Technology assets, which may include emergency generators. (COPS-2, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The electrical system must be configured for continuous power or uninterrupted power to the key Information Technology assets and to the users who access the assets for mission essential functions or business essential functions, which may include emergency generators or another alternate power sour… (COPS-3, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • Use of alternative power sources independent of local power grids. (App A Objective 13:9d Bullet 7, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provide an alternate power supply for the system that is activated [FedRAMP Assignment: automatically] and that can maintain minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Provide an alternate power supply for the system that is activated [Selection: manually; automatically] and that can maintain minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1 Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1 Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization provides a long-term alternate power supply for the information system that is: (PE-11(2) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Self-contained; (PE-11(2) ¶ 1(a) High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Not reliant on external power generation; and (PE-11(2) ¶ 1(b) High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Capable of maintaining [Selection: minimally required operational capability; full operational capability] in the event of an extended loss of the primary power source. (PE-11(2) ¶ 1(c) High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization should provide a long-range alternate power supply solution that does not rely on external power generation and is self-contained. (SG.PE-9 Additional Considerations A1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization should provide a long-term alternate power supply for the Information System that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (App F § PE-11(1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should provide a long-term alternate power supply for the Information System that is self-contained and not reliant on external power generation. (App F § PE-11(2), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a long-term alternate power supply for the information system that is self-contained. (PE-11(2)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a long-term alternate power supply for the information system that is not reliant on external power generation. (PE-11(2)(b), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining {minimally required operational capability or full operational capability} in the event of an extended loss of the primary power source. (PE-11(2)(c), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization provides a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Capable of maintaining [Selection: minimally required operational capability; full operational capability] in the event of an extended loss of the primary power source. (PE-11(2)(c), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization provides a long-term alternate power supply for the information system that is: (PE-11(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Not reliant on external power generation; and (PE-11(2)(b), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Self-contained; (PE-11(2)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide an alternate power supply for the system that is activated [Selection: manually; automatically] and that can maintain minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide an alternate power supply for the system that is activated [Selection: manually; automatically] and that is: (PE-11(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Not reliant on external power generation; and (PE-11(2) ¶ 1(b), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Capable of maintaining [Selection: minimally required operational capability; full operational capability] in the event of an extended loss of the primary power source. (PE-11(2) ¶ 1(c), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Self-contained; (PE-11(2) ¶ 1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide an alternate power supply for the system that is activated [Selection: manually; automatically] and that can maintain minimally required operational capability in the event of an extended loss of the primary power source. (PE-11(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Provide an alternate power supply for the system that is activated [Selection: manually; automatically] and that is: (PE-11(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Not reliant on external power generation; and (PE-11(2) ¶ 1(b), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Capable of maintaining [Selection: minimally required operational capability; full operational capability] in the event of an extended loss of the primary power source. (PE-11(2) ¶ 1(c), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Self-contained; (PE-11(2) ¶ 1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)