Environmental Risk Management

The general process of assessing and controlling risks arising from the environment surrounding an infrastructure (e.g., estimating the size of a backup generator plant to provide power continuity in case of utility power loss).

Cloud Controls Matrix (CCM) Data

RS-05 | Resiliency | Environmental Risks

Control Specification

Physical protection against damage from natural causes and disasters as well as deliberate attacks including fire, flood, atmospheric electrical discharge, solar induced geomagnetic storm, wind, earthquake, tsunami, explosion, nuclear mishap, volcanic activity, biological hazard, civil unrest, mudslide, tectonic activity, and other forms of natural or man-made disaster shall be anticipated, designed and countermeasures applied.

Architectural Relevance

Physical: True
Network: False
Compute: False
App: False
Data: False

Corp Gov Relevance

Corp Gov Relevance: True

Cloud Service Delivery Model Applicability

SaaS: True
PaaS: True
IaaS: True

Supplier Relationship

Service Provider: True
Tenant / Consumer: False

Scope Applicability

COBIT 4.1:

HIPAA / HITECH Act:
45 CFR 164.308 (a)(7)(i)
45 CFR 164.310(a)(2)(ii)

ISO/IEC 27001-2005:
A.9.1.4
A.9.2.1

NIST SP800-53 R3:
PE-1
PE-13
PE-14
PE-15
PE-18

FedRAMP (Final 2012) Low Impact:
NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15

FedRAMP (Final 2012) Moderate Impact:
NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-13 (1)
NIST SP800-53 R3 PE-13 (2)
NIST SP800-53 R3 PE-13 (3)
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15
NIST SP800-53 R3 PE-18

PCI DSS v2.0:

BITS Shared Assessments SIG v6.0:
F.2.9, F.1.2.21, F.5.1, F.1.5.2, F.2.1, F.2.7, F.2.8

BITS Shared Assessments SIG v5.0:
F.1

GAPP (Aug 2009):
8.2.4

Jericho Forum:
Commandment #1
Commandment #2
Commandment #3

NERC CIP:
CIP-004-3 R3.2

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Resiliency (RS) | ID #RS-05.1

Is physical protection against damage from natural causes and disasters as well as deliberate attacks anticipated, designed and countermeasures applied?

Compliance Mapping

COBIT:

HIPAA:
45 CFR 164.308 (a)(7)(i)
45 CFR 164.310(a)(2)(ii) (New)

ISO27001:
A.9.1.4
A.9.2.1

SP800_53:
NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-15
NIST SP800-53 R3 PE-18

FedRAMP:
NIST SP800-53 R3 PE-1
NIST SP800-53 R3 PE-13
NIST SP800-53 R3 PE-13 (1)
NIST SP800-53 R3 PE-13 (2)
NIST SP800-53 R3 PE-13 (3)
NIST SP800-53 R3 PE-14
NIST SP800-53 R3 PE-14 (1)
NIST SP800-53 R3 PE-15
NIST SP800-53 R3 PE-18

PCI_DSS:

BITS:
AUP v5.0 F.1
SIG v6.0: F.2.9, F.1.2.21, F.5.1, F.1.5.2, F.2.1, F.2.7, F.2.8

GAPP:
GAPP Ref 8.2.4

Model Applicability

SaaS: True
PaaS: True
IaaS: True

Scope Applicability

SP: True
CUST: True