Check: EC-01.02.01
Traditional Security Checklist:
EC-01.02.01
(in versions v2 r5 through v2 r4)
Title
Environmental IA Controls - Emergency Power Shut-Off (EPO) (Cat II impact)
Discussion
A lack of an emergency shut-off switch or a master power switch for electricity to IT equipment could cause damage to the equipment or injury to personnel during an emergency. REFERENCES: DOD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-10 and PE-10(1) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100 Information Security Handbook: A Guide for Managers
Check Content
Check an emergency power cut-off (EPO) switch is located inside the IT room or area near the main entrance/exit. It must be clearly labeled and have a protective cover. This requirement is only for computer centers with large server rooms and/or supporting infrastructure rooms hosting large amounts of network equipment and/or equipment such as chillers, battery backup, transformers, etc. NOTES: In general, a server/computer room will have raised floor space and air conditioning and host multiple servers. The requirement should not be applied to purely administrative/office space. Also, this requirement should not be applied to a tactical environment unless it is clearly an "established" fixed computer facility supporting missions in a Theater of Operations. The standards to be applied to determine applicability in a tactical environment are: 1. The facility containing the computer room has been in operation more than one year. 2. The facility is "fixed facility" - a hard building made from normal construction materials (wood, steel, brick, stone, mortar, etc.).
Fix Text
1. A master power switch or emergency cut-off switch for the IT equipment must be located inside the IT area near the main entrance. 2. The emergency switch must be properly labeled. 3. The emergency switch must be protected by a cover to prevent accidental shut-off of the power.
Additional Identifiers
Rule ID: SV-245744r917320_rule
Vulnerability ID: V-245744
Group Title: EC-01.02.01
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |