STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Environmental IA Controls - Emergency Power

DISA Rule

SV-76119r1_rule

Vulnerability Number

V-61629

Group Title

Environmental IA Controls - Emergency Power

Rule Version

EC-03.03.02

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

A short-term uninterruptible power supply must be installed to facilitate an orderly shutdown of the information system and transition of the information system to longer-term alternate power (if available) in the event of a primary power source loss.

Additionally, the need for additional short term or long term alternative power sources such as use of a secondary commercial power supply or use of one or more generators with sufficient capacity to meet the needs of the organization must be considered in the organizations Holistic Risk Assessment; when such alternative sources of power are actually not available.

Check Contents

Check that alternate sources of power are available for key IT system assets. Specifically check that both of the following requirements are complied with:

A short-term uninterruptible power supply is available to facilitate an orderly shutdown of the information system and transition of the information system to longer-term alternate power (if available) in the event of a primary power source loss. (CAT II)

The need for additional short term or long term alternative power sources such as use of a secondary commercial power supply or use of one or more generators with sufficient capacity to meet the needs of the organization have been considered in the organizations Holistic Risk Assessment; when such alternative sources of power are not available. (CAT III)

NOTES:

1. In general rule application will be for major computing centers with raised floor space. The requirement should not be applied to administrative/office space. This requirement should also not be applied to a tactical environment, unless it is a fixed computer facility supporting missions in a Theater of Operations. The standards to be applied for applicability in a tactical environment are: 1) The facility containing the computer room has been in operation over 1-year. 2) The facility is "fixed facility" - a hard building made from normal construction materials - wood, steel, brick, stone, mortar, etc.

2. It is not necessary for the risk assessment to specifically address the need for long term alternative power if it is actually available at the site.

Vulnerability Number

V-61629

Documentable

False

Rule Version

EC-03.03.02

Severity Override Guidance

Check that alternate sources of power are available for key IT system assets. Specifically check that both of the following requirements are complied with:

A short-term uninterruptible power supply is available to facilitate an orderly shutdown of the information system and transition of the information system to longer-term alternate power (if available) in the event of a primary power source loss. (CAT II)

The need for additional short term or long term alternative power sources such as use of a secondary commercial power supply or use of one or more generators with sufficient capacity to meet the needs of the organization have been considered in the organizations Holistic Risk Assessment; when such alternative sources of power are not available. (CAT III)

NOTES:

1. In general rule application will be for major computing centers with raised floor space. The requirement should not be applied to administrative/office space. This requirement should also not be applied to a tactical environment, unless it is a fixed computer facility supporting missions in a Theater of Operations. The standards to be applied for applicability in a tactical environment are: 1) The facility containing the computer room has been in operation over 1-year. 2) The facility is "fixed facility" - a hard building made from normal construction materials - wood, steel, brick, stone, mortar, etc.

2. It is not necessary for the risk assessment to specifically address the need for long term alternative power if it is actually available at the site.

Check Content Reference

M

Potential Impact

Related STIG Rules:

Rule Title: Risk Assessment -Holistic Review (site/environment/information systems)
STIG ID: PH-02.02.01, Rule ID: SV-42878r1_rule, Vuln ID: V-32541

Rule Title: Environmental IA Controls - Voltage Control (power)
STIG ID: EC-03.03.01 Rule ID: SV-41031r1_rule Vuln ID: V-30987

Target Key

2506

Comments