Traditional Security Checklist Version Comparison
Traditional Security Checklist
Comparison
There are 7 differences between versions v2 r4 (July 26, 2023) (the "left" version) and v2 r6 (Oct. 24, 2024) (the "right" version).
Check EC-01.02.01 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
The regular view of the left check and right check may be easier to read.
Text Differences
Title
Environmental IA Controls - Emergency Power Shut-Off (EPO)
Check Content
Check an emergency power cut-off (EPO) switch is located inside the IT room or area near the main entrance/exit. It must be clearly labeled and have a protective cover. Per NFPA 76 and OSHA Emergency Stop Requirements the EPO shall be bright yellow with red button, an emergency push button, "e-stop" or emergency stop/disconnection is required where there is a risk of an emergency or potential unsafe condition for equipment or for the operator. The switch shall be continually operable, readily accessible, and initiated via a single human action via a mechanical latching mechanism. This requirement is only for computer centers with large server rooms and/or supporting infrastructure rooms hosting large amounts of network equipment and/or equipment such as chillers, battery backup, transformers, etc. NOTES: In general, a server/computer room will have raised floor space and air conditioning and host multiple servers. The requirement should not be applied to purely administrative/office space. Also, this requirement should not be applied to a tactical environment unless it is clearly an "established" fixed computer facility supporting missions in a Theater of Operations. The standards to be applied to determine applicability in a tactical environment are: 1. The facility containing the computer room has been in operation more than one year. 2. The facility is "fixed facility" - a hard building made from normal construction materials (wood, steel, brick, stone, mortar, etc.).
Discussion
A lack of an emergency shut-off switch or a master power switch for electricity to IT equipment could cause damage to the equipment or injury to personnel during an emergency. REFERENCES: DOD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-10 and PE-10(1) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100 Information Security Handbook: A Guide for Managers Managers NFPA 79 & OSHA Emergency Stop Requirement
Fix
1. A master power switch or emergency cut-off switch for the IT equipment must be located inside the IT area near the main entrance. 2. The emergency switch must be properly labeled. 3. The emergency switch must be protected by a cover to prevent accidental shut-off of the power. power. NOTE: Per NFPA 76 and OSHA Emergency Stop Requirements the EPO shall be bright yellow with red button, an emergency push button, "e-stop" or emergency stop/disconnection is required where there is a risk of an emergency or potential unsafe condition for equipment or for the operator. The switch shall be continually operable, readily accessible, and initiated via a single human action via a mechanical latching mechanism.