Environmental IA Controls - Training
An XCCDF Rule
Description
<VulnDiscussion>If employees have not received training on the environmental controls they will not be able to respond to a fluctuation of environmental conditions, which could damage equipment and ultimately disrupt operations. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-3(1) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100, Information Security Handbook: A Guide for Managers</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245749r822816_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
1. All required personnel involved with Information Technology (IT) area/computer rooms must receive initial and periodic (minimum annually) environmental control training (specifically regarding humidity/temperature controls).
2. Training records must be updated to reflect this special training.