Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization employs fire suppression devices/systems for the information system that provide automatic notification of any activation to Assignment: organization-defined personnel or roles] and [Assignment: organization-defined emergency responders].
NIST 800-53 (r4) Supplemental Guidance
Organizations can identify specific personnel, roles, and emergency responders in the event that individuals on the notification list must have appropriate access authorizations and/or clearances, for example, to obtain access to facilities where classified operations are taking place or where there are information systems containing classified information.
NIST 800-53 (r5) Discussion
Organizations can identify specific personnel, roles, and emergency responders if individuals on the notification list need to have appropriate access authorizations and/or clearances (e.g., to enter to facilities where access is restricted due to the impact level or classification of information within the facility). Notification mechanisms may require independent energy sources to ensure that the notification capability is not adversely affected by the fire.
38North Guidance:
Meets Minimum Requirement:
Define personnel or roles AND designated emergency responders who receive alerts in the event of fire suppression system activation.
Document this definition.
Best Practice:
Ensure that personnel understand the various types of fire suppression systems in use in the datacenter.
Ensure that personnel are trained in how to respond to fire suppression system activation, to include conditions under which termination of a fire suppression system is justified.
Test fire response at least annually.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation assigning personnel and roles who receive notification of activation of fire suppression equipment.
Interview personnel to ensure they understand their responsibility to respond to notifications of fire suppression activation.
Records of fire suppression testing
CSP Implementation Tips:
AWS: Fully inherited.
Azure: Fully inherited.
GCP: Fully inherited.
Page updated
Report abuse