PE-11 Emergency Power (H) (M)

This page is classified as INTERNAL.

NIST 800-53 (r4) Control:

The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss.

NIST 800-53 (r4) Supplemental Guidance:

Related controls: AT-3, CP-2, CP-7.

NIST 800-53 (r5) Discussion:

An uninterruptible power supply (UPS) is an electrical system or mechanism that provides emergency power when there is a failure of the main power source. A UPS is typically used to protect computers, data centers, telecommunication equipment, or other electrical equipment where an unexpected power disruption could cause injuries, fatalities, serious mission or business disruption, or loss of data or information. A UPS differs from an emergency power system or backup generator in that the UPS provides near-instantaneous protection from unanticipated power interruptions from the main power source by providing energy stored in batteries, supercapacitors, or flywheels. The battery duration of a UPS is relatively short but provides sufficient time to start a standby power source, such as a backup generator, or properly shut down the system.

38North Guidance:

Meets Minimum Requirement:

Select and document whether the intention is the power an orderly shutdown or transition to to long-term alternate power in the event of a primary source loss.
Document the configuration, use and test of UPS in procedures.

Best Practice:

Document load planning and validate that UPS configuration can support critical load.
Battery-based UPS requires regular inspection for signs of degradation. Establish an inspection cadence and document results.
Document performance thresholds for replacing UPS.
For non-battery UPS (e.g. flywheel), conduct and document maintenance IAW manufacturers guidance.
Depending on setup, regularly inspect associated components (e.g. Maintenance Bypass Panels) that are required to support UPS operation.
Consider redundant UPS.
If possible, test UPS via simulated power outages, provided such a test can be conducted without cutting power to the operational datacenter.

Unofficial FedRAMP Guidance:

Assessment Evidence:

Review documentation describing UPS procedures.
Inspect UPS configuration, both to validate installation but also for wear and tear.
Records of UPS maintenance and testing

CSP Implementation Tips:

AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited

Page updated

Report abuse