Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment.
NIST 800-53 (r5) Discussion
The alarm or notification may be an audible alarm or a visual message in real time to personnel or roles defined by the organization. Such alarms and notifications can help minimize harm to individuals and damage to organizational assets by facilitating a timely incident response.
38North Guidance:
Meets Minimum Requirement:
Document thresholds for alarms.
Install and configure alarms.
Best Practice:
Log alerts and maintain for a minimum of one year.
Train personnel in procedures for responding to temperature and humidity alarms.
Centralize alarms with other facility alerts.
If remote monitoring, configure calls or SMS alerts, and be cognizant of limits on metadata exchange.
Network temperature and humidity sensors and display graphically to help troubleshoot cause.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation describing alarm thresholds.
Review records of past alarm activation (if available).
Interview personnel to ensure they understand how to respond to alerts.
Inspect alarm installation.
Configuration from temperature and humidity monitoring for data center that notifies personnel when temperature and humidity levels are outside ASHRAE guidelines.
Test by having personnel intentionally raise the temp and humidity for the units. Obtain the automated notification of the alert and notification of the temp and humidity readings going back to normal.
CSP Implementation Tips:
AWS: Fully inherited.
Azure: Fully inherited.
GCP: Fully inherited.
Page updated
Report abuse