Environmental IA Controls - Temperature
An XCCDF Rule
Description
<VulnDiscussion>Lack of temperature controls can lead to fluctuations in temperature which could be potentially harmful to personnel or equipment operation. REFERENCES: DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016 Chapter 5, Section 1, paragraph 5-104 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PE-14 and PE-14(1) & (2) NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook NIST SP 800-100, Information Security Handbook: A Guide for Managers</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245750r822817_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
Ensure that temperature controls have been installed as follows:
Automatic controls are preferred and should be installed where personnel are not available 24/7 on site to respond to and correct anomalies and situations.
Otherwise it is permissible for alarms to be used when temperatures fluctuate, requiring manual employee intervention. Note that use of alarms with manual intervention should also be supported by specific assessment within the organizational holistic risk assessment.