PE-18: LOCATION OF INFORMATION SYSTEM COMPONENTS
TAILORED FOR INDUSTRIAL CONTROL SYSTEMS
ISC Control Baseline:
- High
The organization positions information system components within the facility to minimize potential damage from [Assignment: organization-defined physical and environmental hazards] and to minimize the opportunity for unauthorized access.
SUPPLEMENTAL GUIDANCE
Physical and environmental hazards include, for example, flooding, fire, tornados, earthquakes, hurricanes, acts of terrorism, vandalism, electromagnetic pulse, electrical interference, and other forms of incoming electromagnetic radiation. In addition, organizations consider the location of physical entry points where unauthorized individuals, while not being granted access, might nonetheless be in close proximity to information systems and therefore increase the potential for unauthorized access to organizational communications (e.g., through the use of wireless sniffers or microphones).
ICS SUPPLEMENTAL GUIDANCE
No ICS Supplemental Guidance.
RELATED CONTROLS: PE-18
CONTROL ENHANCEMENTS
PE-18 (1) LOCATION OF INFORMATION SYSTEM COMPONENTS | FACILITY SITE
NOT SELECTED FOR THE NIST ISC CONTROL SET
The organization plans the location or site of the facility where the information system resides with regard to physical and environmental hazards and for existing facilities, considers the physical and environmental hazards in its risk mitigation strategy.
Supplemental Guidance: NONE
REFERENCES:
- NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY