Check: EC-04.03.01
Traditional Security Checklist:
EC-04.03.01
(in versions v2 r6 through v1 r3)
Title
Environmental IA Controls - Training (Cat III impact)
Discussion
If employees have not received training on the environmental controls they will not be able to respond to a fluctuation of environmental conditions, which could damage equipment and ultimately disrupt operations. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-3(1) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100, Information Security Handbook: A Guide for Managers
Check Content
Check training records to ensure that all required personnel have received their initial and periodic (minimum annually) environmental control training (specifically humidity/temperature). Ask personnel how they respond to an environmental alarm. NOTES: This requirement should not be applied to a tactical environment, unless it is a fixed computer facility supporting missions in a Theater of Operations. The standards to be applied for applicability in a tactical environment are: 1) The facility containing the computer room has been in operation for more than one year. 2) The facility is "fixed facility" - a hard building made from normal construction materials - wood, steel, brick, stone, mortar, etc.
Fix Text
1. All required personnel involved with Information Technology (IT) area/computer rooms must receive initial and periodic (minimum annually) environmental control training (specifically regarding humidity/temperature controls). 2. Training records must be updated to reflect this special training.
Additional Identifiers
Rule ID: SV-245749r822816_rule
Vulnerability ID: V-245749
Group Title: EC-04.03.01
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |