Guidance for NIST 800-171 Assessment & Compliance
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
pe-10 |
emergency shutoff |
||
|
assessment objective: Determine if the organization: |
||
pe-10(a) |
provides the capability of shutting off power to the information system or individual system components in emergency situations; |
||
pe-10(b) |
pe-10(b)[1] |
defines the location of emergency shutoff switches or devices by information system or system component; |
|
pe-10(b)[2] |
places emergency shutoff switches or devices in the organization-defined location by information system or system component to facilitate safe and easy access for personnel; and |
||
pe-10(c) |
protects emergency power shutoff capability from unauthorized activation. |
||
potential assessment methods and objects: Examine: [select from: Physical and environmental protection policy; procedures addressing power source emergency shutoff; security plan; emergency shutoff controls or switches; locations housing emergency shutoff switches and devices; security safeguards protecting emergency power shutoff capability from unauthorized activation; other relevant documents or records]. Interview: [select from: Organizational personnel with responsibility for emergency power shutoff capability (both implementing and using the capability); organizational personnel with information security responsibilities]. Test: [select from: Automated mechanisms supporting and/or implementing emergency power shutoff]. |
|||
