Environmental IA Controls - Emergency Power
An XCCDF Rule
Description
<VulnDiscussion>Failure to have alternative power sources available can result in significant impact to mission accomplishment and information technology systems including potential loss of data and damage to the IT equipment during a commercial power service outage. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-11 and PE-11(1) & (2) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100, Information Security Handbook: A Guide for Managers</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245748r917363_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
A short-term uninterruptible power supply must be installed to facilitate an orderly shutdown of the information system and transition of the information system to longer-term alternate power (if available) in the event of a primary power source loss.
Additionally, the need for additional short term or long term alternative power sources such as use of a secondary commercial power supply or use of one or more generators with sufficient capacity to meet the needs of the organization must be considered in the organizations Holistic Risk Assessment; when such alternative sources of power are actually not available.