Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization protects power equipment and power cabling for the information system from damage and destruction.
NIST 800-53 (r4) Supplemental Guidance:
Organizations determine the types of protection necessary for power equipment and cabling employed at different locations both internal and external to organizational facilities and environments of operation. This includes, for example, generators and power cabling outside of buildings, internal cabling and uninterruptable power sources within an office or data center, and power sources for self-contained entities such as vehicles and satellites. Related control: PE-4.
NIST 800-53 (r5) Discussion:
Organizations determine the types of protection necessary for the power equipment and cabling employed at different locations that are both internal and external to organizational facilities and environments of operation. Types of power equipment and cabling include internal cabling and uninterruptable power sources in offices or data centers, generators and power cabling outside of buildings, and power sources for self-contained components such as satellites, vehicles, and other deployable systems.
38North Guidance:
Meets Minimum Requirement:
Define and document / diagram all power equipment and cabling, both internal and external to the organization.
Describe mechanisms in place to protect power equipment and cabling from damage and destruction.
Best Practice:
Secure external generators and cabling with walls, fencing, access control and video surveillance.
Centrally manage keys to external power cabling and generators.
Test generator function on an organizationally defined schedule.
Test generator fuel quality on an organizationally defined schedule.
Institute reviews of external cabling for signs of wear and tear.
Internally, secure all cabling using a raised floor or similar means, where inadvertent or malicious disconnect is not possible.
Ensure protection of power cabling from facility entrance to final use.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation and / or diagrams showing power equipment and cabling both externally and internally.
Physically inspect external and internal security measures for power equipment and cabling.
Interview personnel to validate that protective measures are used appropriately.
CSP Implementation Tips:
AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited
Page updated
Report abuse