This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization:
a. Maintains temperature and humidity levels within the facility where the information system resides at [FedRAMP Assignment: (L) (M) (H) consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments]; and
b. Monitors temperature and humidity levels [FedRAMP Assignment: (L) (M) (H) continuously].
[Additional FedRAMP Requirements: (L) (M) (H) PE-14 (a): The service provider measures temperature at server inlets and humidity levels by dew point.]
NIST 800-53 (r4) Supplemental Guidance
This control applies primarily to facilities containing concentrations of information system resources, for example, data centers, server rooms, and mainframe computer rooms. Related control: AT-3.
NIST 800-53 (r5) Discussion
The provision of environmental controls applies primarily to organizational facilities that contain concentrations of system resources (e.g., data centers, mainframe computer rooms, and server rooms). Insufficient environmental controls, especially in very harsh environments, can have a significant adverse impact on the availability of systems and system components that are needed to support organizational mission and business functions.
38North Guidance:
Meets Minimum Requirement:
Document target temperature and humidity levels within the facility, clearly delineating if unique requirements apply to specific zones.
FedRAMP requirement: Have a mechanism for continuously monitoring temperature and humidity levels.
FedRAMP requirement: Temperature must be measured at server inlets.
FedRAMP requirement: Humidity must be measured by dew point.
Best Practice:
Clearly document acceptable temperature and humidity level ranges and train personnel to recognize issues and deviations.
Follow the ASHRAE recommendation of a minimum of six temperature sensors per rack (top, middle, and bottom sensors, both front and back).
Monitor both outtake and intake and establish acceptable temperature ranges for both.
Monitor differential air pressure across racks to validate that airflow is acceptable.
Test temperature and humidity sensors NLT monthly to validate accuracy.
If using a hot aisle design, use dedicated sensors for tracking hot aisles to validate containment is still enforced.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation describing temperature and humidity ranges.
Interview staff to validate that they understand acceptable ranges.
Inspect placement of sensors.
Inspect continuous temperature / humidity monitoring approach.
CSP Implementation Tips:
AWS: Fully inherited.
Azure: Fully inherited.
GCP: Fully inherited.