last sync: 2024-Oct-04 17:51:30 UTC

Employ automatic emergency lighting | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Employ automatic emergency lighting
Id aa892c0d-2c40-200c-0dd8-eac8c4748ede
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0209 - Employ automatic emergency lighting
Additional metadata Name/Id: CMA_0209 / CMA_0209
Category: Operational
Title: Employ automatic emergency lighting
Ownership: Customer
Description: Microsoft recommends that your organization employ and maintain automatic emergency lighting for the information system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. The lack of automatic emergency lighting during power outage or disruption may potentially disrupt continuity of business functions. Your organization can implement lighting in critical processing areas through a separate power grid or source in the event of an emergency.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 9 compliance controls are associated with this Policy definition 'Employ automatic emergency lighting' (aa892c0d-2c40-200c-0dd8-eac8c4748ede)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 PE-12 FedRAMP_High_R4_PE-12 FedRAMP High PE-12 Physical And Environmental Protection Emergency Lighting Shared n/a The organization employs and maintains automatic emergency lighting for the information system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. Supplemental Guidance: This control applies primarily to facilities containing concentrations of information system resources including, for example, data centers, server rooms, and mainframe computer rooms. Related controls: CP-2, CP-7. References: None. link 1
FedRAMP_Moderate_R4 PE-12 FedRAMP_Moderate_R4_PE-12 FedRAMP Moderate PE-12 Physical And Environmental Protection Emergency Lighting Shared n/a The organization employs and maintains automatic emergency lighting for the information system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. Supplemental Guidance: This control applies primarily to facilities containing concentrations of information system resources including, for example, data centers, server rooms, and mainframe computer rooms. Related controls: CP-2, CP-7. References: None. link 1
ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Physical And Environmental Security Supporting utilities Shared n/a Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. link 3
mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found n/a n/a 18
mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found n/a n/a 8
NIST_SP_800-53_R4 PE-12 NIST_SP_800-53_R4_PE-12 NIST SP 800-53 Rev. 4 PE-12 Physical And Environmental Protection Emergency Lighting Shared n/a The organization employs and maintains automatic emergency lighting for the information system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. Supplemental Guidance: This control applies primarily to facilities containing concentrations of information system resources including, for example, data centers, server rooms, and mainframe computer rooms. Related controls: CP-2, CP-7. References: None. link 1
NIST_SP_800-53_R5 PE-12 NIST_SP_800-53_R5_PE-12 NIST SP 800-53 Rev. 5 PE-12 Physical and Environmental Protection Emergency Lighting Shared n/a Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. link 1
SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Additional Criteria For Availability Environmental protections, software, data back-up processes, and recovery infrastructure Shared The customer is responsible for implementing this recommendation. Identifies Environmental Threats — As part of the risk assessment process, management identifies environmental threats that could impair the availability of the system, including threats resulting from adverse weather, failure of environmental control systems, electrical discharge, fire, and water. • Designs Detection Measures — Detection measures are implemented to identify anomalies that could result from environmental threat events. • Implements and Maintains Environmental Protection Mechanisms — Management implements and maintains environmental protection mechanisms to prevent and mitigate environmental events. • Implements Alerts to Analyze Anomalies — Management implements alerts that are communicated to personnel for analysis to identify environmental threat events. • Responds to Environmental Threat Events — Procedures are in place for responding to environmental threat events and for evaluating the effectiveness of those policies and procedures on a periodic basis. This includes automatic mitigation systems (for example, uninterruptable power system and generator backup subsystem). • Communicates and Reviews Detected Environmental Threat Events — Detected environmental threat events are communicated to and reviewed by the individuals responsible for the management of the system and actions are taken, if necessary. • Determines Data Requiring Backup — Data is evaluated to determine whether backup is required. • Performs Data Backup — Procedures are in place for backing up data, monitoring to detect backup failures, and initiating corrective action when such failures occur. • Addresses Offsite Storage — Backup data is stored in a location at a distance from its principal storage location sufficient that the likelihood of a security or environmental threat event affecting both sets of data is reduced to an appropriate level. • Implements Alternate Processing Infrastructure — Measures are implemented for migrating processing to alternate infrastructure in the event normal processing infrastructure becomes unavailable. 13
SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 9. Ensure Availability through Resilience Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. Shared n/a Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. link 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add aa892c0d-2c40-200c-0dd8-eac8c4748ede
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC