STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Environmental IA Controls - Humidity

DISA Rule

SV-41034r3_rule

Vulnerability Number

V-30990

Group Title

Environmental IA Controls - Humidity

Rule Version

EC-06.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure that humidity controls have been installed in Information Technology (IT) areas (Computer Rooms) to protect personnel and equipment operation, as follows:

Automatic controls are preferred and should be installed where personnel are not available 24/7 on site to respond to and correct anomalies and situations.

Otherwise it is permissible for alarms to be used when humidity levels fluctuate, requiring manual employee intervention. Adjustments to humidity control systems can be made manually. Note that use of alarms with manual intervention should also be supported by specific assessment within the organizational holistic risk assessment.

Check Contents

Check to see if humidity controls have been installed in all IT areas. Automatic controls are preferred and should be installed where personnel are not available 24/7 on site to respond to and correct anomalies and situations. Otherwise it is permissible for alarms to be used when humidity levels fluctuate, requiring manual employee intervention.

NOTES:

1. In general such an area will be in raised floor space. The requirement should not be applied to administrative/office space. This requirement should also not be applied to a tactical environment, unless it is a fixed computer facility supporting missions in a Theater of Operations. The standards to be applied for applicability in a tactical environment are: 1) The facility containing the computer room has been in operation over 1-year. 2) The facility is "fixed facility" - a hard building made from normal construction materials - wood, steel, brick, stone, mortar, etc.

2. Use of alarms with manual intervention should be supported by specific assessment within the organizational holistic risk assessment.

Vulnerability Number

V-30990

Documentable

False

Rule Version

EC-06.03.01

Severity Override Guidance

Check to see if humidity controls have been installed in all IT areas. Automatic controls are preferred and should be installed where personnel are not available 24/7 on site to respond to and correct anomalies and situations. Otherwise it is permissible for alarms to be used when humidity levels fluctuate, requiring manual employee intervention.

NOTES:

1. In general such an area will be in raised floor space. The requirement should not be applied to administrative/office space. This requirement should also not be applied to a tactical environment, unless it is a fixed computer facility supporting missions in a Theater of Operations. The standards to be applied for applicability in a tactical environment are: 1) The facility containing the computer room has been in operation over 1-year. 2) The facility is "fixed facility" - a hard building made from normal construction materials - wood, steel, brick, stone, mortar, etc.

2. Use of alarms with manual intervention should be supported by specific assessment within the organizational holistic risk assessment.

Check Content Reference

M

Target Key

2506

Comments