Back

Install and maintain water detection devices.


CONTROL ID
11678
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Protect physical assets from water damage., CC ID: 00730

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • F18: The organization should waterproof windows, doorways, ports for carrying equipment in/out, and other openings to protect computer equipment and the facility against failure due to flooding and water leaks. F32: The organization shall implement preventive measures against water leaks from walls,… (F18, F32, F43, F43.2, F59, F120, F126, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • In order to prevent water leakage, it is necessary to avoid installation of water use facilities such as sinks, hot water supply facilities and the like (not including fire extinguishing equipment). In addition, to ensure the protection against water leakage from the walls, ceiling, and floor of the… (F43.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [Assignment: organization-defined personnel or roles]. (PE-15(1) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization should install fire and water alarms, which shall sound at an on-site protection console, a central station, or local police station. (§ 4.2.6, CMS Business Partners Systems Security Manual, Rev. 10)
  • Water detection controls, including: (App A Objective 13:9c, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Use of water detectors in raised floors or in ceilings to alert management. (App A Objective 13:9c Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Consideration of automated mechanisms to detect the presence of water and provide alerts. (App A Objective 13:9c Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Use of smoke, water, and power detection and mitigation devices and systems, as well as fire suppression systems. (App A Objective 14:1d Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • All facilities should use raised flooring, should elevate wiring and servers above the floor to limit or prevent water damage, and should have water detectors installed. Critical records and equipment should be located on upper floors to limit the possibility of water damage. (Pg C-3, Pg C-4, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • The organization should install water detectors under raised flooring and possibly floor drains. Waterproof covers should be available to cover equipment in the event of a water leak. (Pg 19, Exam Tier I Obj 7.1, Exam Tier II Obj D.1, FFIEC IT Examination Handbook - Operations, July 2004)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [FedRAMP Assignment: service provider building maintenance/physical security personnel]. (PE-15(1) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Detect the presence of water near the system and alert [FedRAMP Assignment: service provider building maintenance/physical security personnel] using [Assignment: organization-defined automated mechanisms]. (PE-15(1) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Detect the presence of water near the system and alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms]. (PE-15(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [Assignment: organization-defined personnel or roles]. (PE-15(1) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [Assignment: organization-defined personnel or roles]. (PE-15(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alerts [Assignment: organization-defined personnel or roles]. (PE-15(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Detect the presence of water near the system and alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms]. (PE-15(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Detect the presence of water near the system and alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms]. (PE-15(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)