4.4 Protective cabinets

Description

Protective cabinets serve as depository for data-media of all types or as a place for IT devices (server cabinet). These cabinets should protect their contents against unauthorised access and/or the effects of fire or harmful substances (e.g. dust). They can substitute for a server room or a data media archive (see chapter 4.3.2 and 4.3.3), if the available space or organisational conditions do not allow the use of complete rooms.

Furthermore, protective cabinets can be implemented in server rooms or data media archives to increase the protective effect of the room. They are also recommended for a situation whereby servers from various organisational units are situated in one server room and only the appropriate administrators may have access to the respective servers.

As the costs of protective cabinets are not insignificant, a cost comparison is highly recommended. The comparison must be made between the cost of obtaining and maintaining a protective cabinet, and the cost of setting up and maintaining a server room or data media archive.

In order to achieve protection with a protective cabinet comparable to that obtained with rooms dedicated to this purpose, the safeguards ranging from the choice of cabinet to the siting and usage regulations are outlined in the following chapter.

Threat Scenario

The following typical threats are assumed for protective cabinets as part of IT baseline protection:

Force Majeure:

• T 1.4 Fire
• T 1.5 Water
• T 1.7 Inadmissible temperature and humidity (only server cabinets)
• T 1.8 Dust, soiling

Organisational Shortcomings:

• T 2.4 Insufficient monitoring of IT security measures

Human Failure:

• T 3.21 Improper use of code keys

Technical Failure:

• T 4.1 Improper use of code keys
• T 4.2 Failure of internal supplies (only server cabinet)
• T 4.3 Inoperability of existing safeguards
• T 4.4 Impairment of lines due to environmental factors

Deliberate Acts:

• T 5.1 Manipulation/destruction of IT equipment or accessories
• T 5.4 Theft
• T 5.5 Vandalism
• T 5.16 Threat posed by internal staff during maintenance/administration work
• T 5.17 Threat posed by external staff during maintenance work
• T 5.53 Deliberate misuse of protective cabinets for reasons of convenience

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
The following describes the safeguards for the area "protective cabinets". It is grouped according to the safeguards which must be implemented for the room where the cabinet is sited, the cabinet in general and for server cabinets.

For the room in which the protective cabinet is to be sited, the following safeguards must be observed:

Infrastructure:

• S 1.7 (2) Hand-held fire extinguishers
• S 1.8 (2) Room allocation, with due regard to fire loads
• S 1.15 (2) Closed windows and doors
• S 1.18 (2) Intruder and fire detection devices (optional)
• S 1.24 (3) Avoidance of water pipes (optional)

Organisation:

• S 2.6 (1) Granting of site access authorisations
• S 2.14 (2) Key management
• S 2.16 (2) Supervising or escorting outside staff/visitors
• S 2.17 (2) Entry regulations and controls
• S 2.18 (3) Inspection rounds (optional)
• S 2.21 (2) Ban on smoking (optional)

When obtaining and installing a protective cabinet, the following safeguards must be implemented:

Infrastructure:

• S 1.1 (2) Compliance with relevant DIN standards/VDE specifications
• S 1.18 (2) Intruder and fire detection devices (for the cabinet) (optional)
• S 1.40 (1) Appropriate siting of protective cabinets

Organisation:

• S 2.6 (1) Granting of site access authorisations
• S 2.14 (2) Key management
• S 2.95 (1) Obtaining suitable protective cabinets
• S 2.96 (1) Locking of protective cabinets
• S 2.97 (1) Correct procedure for code locks (if available)

Personnel:

• S 3.3 (1) Arrangements for substitution
• S 3.5 (2) Education on IT security measures
• S 3.20 (1) Instructions concerning the operation of protective cabinets

If the protective cabinet is to be used as a server cabinet, the following safeguards must be implemented in addition to those mentioned above.

Infrastructure:

• S 1.25 (2) Overvoltage protection (optional)
• S 1.26 (2) Emergency circuit-breakers
• S 1.27 (2) Air conditioning (optional)
• S 1.28 (2) Local uninterruptible power supply [UPS] (optional)
• S 1.31 (2) Remote indication of malfunctions (optional)
• S 1.41 (2) Protection against electromagnetic irradiation (optional)

Organisation:

• S 2.4 (2) Maintenance/repair regulations