PE-18 Location of System Components

Description

Physical and environmental hazards include floods, fires, tornadoes, earthquakes, hurricanes, terrorism, vandalism, an electromagnetic pulse, electrical interference, and other forms of incoming electromagnetic radiation. Organizations consider the location of entry points where unauthorized individuals, while not being granted access, might nonetheless be near systems. Such proximity can increase the risk of unauthorized access to organizational communications using wireless packet sniffers or microphones, or unauthorized disclosure of information.

Applicability

The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented. The intended audience for this Control includes, but is not limited to, all information resources owners and custodians.

Implementation

TAMU-CC shall position system components within authorized facilities to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access. TAMU-CC shall:

  1. Consolidate all significant IT equipment into centralized approved member data center(s) or approved commercial data center.
  2. The data center must have at a minimum:
    1. redundant power delivery as specified in PE-11;
    2. redundant networks as specified in CP-8;
    3. redundant cooling as specified in PE-14, and
    4. adequate physical and cybersecurity as specified in the PE and SC families.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019