Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization employs and maintains fire suppression and detection devices/systems for the information system that are supported by an independent energy source.
NIST 800-53 (r4) Supplemental Guidance
This control applies primarily to facilities containing concentrations of information system resources including, for example, data centers, server rooms, and mainframe computer rooms. Fire suppression and detection devices/systems include, for example, sprinkler systems, handheld fire extinguishers, fixed fire hoses, and smoke detectors.
NIST 800-53 (r5) Discussion
The provision of fire detection and suppression systems applies primarily to organizational facilities that contain concentrations of system resources, including data centers, server rooms, and mainframe computer rooms. Fire detection and suppression systems that may require an independent energy source include sprinkler systems and smoke detectors. An independent energy source is an energy source, such as a microgrid, that is separate, or can be separated, from the energy sources providing power for the other parts of the facility.
38North Guidance:
Meets Minimum Requirement:
Document / diagram location of fire suppression and detection systems.
Maintain reviewable maintenance records that show maintenance on an organizationally defined timetable.
Describe and demonstrate independent energy source.
Best Practice:
Consider non-water based fire suppression (e.g. a Clean Agent system)
If a water-based sprinkler system is used consider a pre-action and/or water mist sprinkler system.
Document different fire suppression approaches for different areas of the datacenter (e.g. sprinkler system for general areas and clean agent for racks).
Document areas of highest fire risk (e.g. generators, lithium ion battery collections, etc.) and develop specialized approaches for rapid suppression of potential fires.
Use fire-resistant construction and architecture to limit fire spread and zone fire suppression capabilities appropriately.
Keep control or "releasing panels" physically secure but in an accessible area that is not likely to be blocked by fire.
Validate that there is no combustible material within raise floors.
If hot aisles setups are used, ensure that fire alarms are rated for hot aisle operation.
24x7 onsite monitoring for fire alarms.
Align anticipated cleanup times to maximum allowed downtime timeframes.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation describing fire alarm positioning, activation and power arrangements.
Inspect fire alarms and alternative power arrangements.
Records of fire suppression testing/maintenance
Most recent fire suppression and detection devices/systems inspection report
CSP Implementation Tips:
AWS: Fully inherited.
Azure: Fully inherited.
GCP: Fully inherited.
Page updated
Report abuse