Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization employs fire detection devices/systems for the information system that activate automatically and notify [FedRAMP Assignment: (H) service provider building maintenance / physical security personnel] and [FedRAMP Assignment: service provider emergency responders with incident response responsibilities] in the event of a fire.
NIST 800-53 (r4) Supplemental Guidance
Organizations can identify specific personnel, roles, and emergency responders in the event that individuals on the notification list must have appropriate access authorizations and/or clearances, for example, to obtain access to facilities where classified operations are taking place or where there are information systems containing classified information.
NIST 800-53 (r5) Discussion
Organizations can identify personnel, roles, and emergency responders if individuals on the notification list need to have access authorizations or clearances (e.g., to enter to facilities where access is restricted due to the classification or impact level of information within the facility). Notification mechanisms may require independent energy sources to ensure that the notification capability is not adversely affected by the fire.
38North Guidance:
Meets Minimum Requirement:
Document / diagram areas where automated fire detection devices and systems reside.
Define who receives alerts.
Install automated fire detection devices.
Provide alerting to designated service provider emergency responders in the event of fire detection.
Best Practice:
Do not rely on heat or flame detectors in datacenter environments.
Provide 24x7x365 onsite coverage to ensure alerts are received.
Consider aspirating detection systems.
For hot aisle setups, ensure smoke detectors in hot aisles will function at temperatures in excess of 100 degrees F.
Consider Early Warning Smoke Detector (EWSD) or Very Early Warning Smoke Detector (VEWSD) deployments.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation / diagrams describing where automated fire detection devices and systems reside.
Review documentation defining who receives alerts.
Interview personnel who receive alerts to ensure they understand their roles and responsibilities.
Inspect fire detection systems.
CSP Implementation Tips:
AWS: Fully inherited.
Azure: Fully inherited.
GCP: Fully inherited.
Page updated
Report abuse