>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PE-14Environmental Controls

IL4 Mod
IL4 High
IL5
IL6

>Control Description

a

Maintain [Selection (one or more): temperature; humidity; pressure; radiation; organization-defined environmental control] levels within the facility where the system resides at organization-defined acceptable levels; and

b

Monitor environmental control levels organization-defined frequency.

>DoD Impact Level Requirements

FedRAMP Parameter Values

PE-14 (a) [consistent with American Society of Heating, Refrigerating and Air-conditioning Engineers (ASHRAE) document entitled Thermal Guidelines for Data Processing Environments] PE-14 (b) [continuously]

Additional Requirements and Guidance

PE-14 (a) Requirement: The service provider measures temperature at server inlets and humidity levels by dew point.

>Discussion

The provision of environmental controls applies primarily to organizational facilities that contain concentrations of system resources (e.g., data centers, mainframe computer rooms, and server rooms). Insufficient environmental controls, especially in very harsh environments, can have a significant adverse impact on the availability of systems and system components that are needed to support organizational mission and business functions.

>Related Controls

AT-3
CP-2

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern environmental controls (temperature and humidity) for areas housing information systems?
  • How does the organization define acceptable environmental parameters for different system types?
  • What is the process for monitoring environmental conditions and responding to out-of-range alerts?
  • How are environmental control system failures escalated and managed?
  • What governance exists for maintaining and testing HVAC and environmental monitoring systems?

Technical Implementation:

  • What HVAC and environmental control systems maintain temperature and humidity?
  • How are environmental parameters monitored and controlled?
  • What sensors and monitoring systems are deployed, and where?
  • What automatic responses occur when environmental parameters exceed thresholds?
  • How do environmental control systems provide redundancy and fail-over?

Evidence & Documentation:

  • Provide environmental monitoring system documentation and sensor locations.
  • Provide temperature and humidity logs for the past 90 days.
  • Provide evidence of alerts when environmental parameters exceeded thresholds.
  • Provide HVAC maintenance and testing records from the past year.
  • Provide documentation of any environmental incidents affecting systems.

Ask AI

Configure your API key to use AI features.