At an organizational level, POA&Ms provide management visibility into current and planned allocation of security resources and risk mitigation activities.
Philpott, in FISMA and the Risk Management Framework, 2013
Using the POA&M to Support Security Management
For authorized systems, the plan of action and milestones has an important role in operational security management, providing a basis for system owners, senior information security officers, risk management program managers, and other organizational officials to monitor progress in implementing corrective actions and achieving milestones specified in the POA&M.
The co-location facility provides WAN connectivity to remote areas and can be used to house production capacity in the event it is needed. These smaller remote locations house limited production capacity for remote operational areas, and a few house remote off-site backups for critical HQ systems and data. In addition to the dual production HQ data centers, ABC has smaller remote data centers or server closets, as well as a separate co-location facility over 100 miles from HQ. Moreover, ABC segments operational networks from each other and employs firewalls and IDS/IPS (Intrusion Detection System/Intrusion Prevention System) technology between networks in order to further mitigate risk.
ABC’s WAN infrastructure connects buildings in some 20 different geographic locations spread over an approximate 350 mile radius.
Under the 18″ subfloors, leak detection is also in place with sump pumps should ground water be detected. If dry fire suppression fails to put out the fire within a certain amount of time, preaction sprinkler systems will trigger. The FM-200 dry fire suppression system is waterless and protects expensive IT equipment by leaving no residue or deposits upon discharge; the discharge can be removed from an area with simple ventilation. In addition, they operate FM-200 dry fire suppression, subfloor leak detection, and preaction sprinkler systems in their primary data centers.
By designing full redundancy into their network and environmental systems, they ensure that the loss of a single data center node will not cause a network outage. Both 1 and 10 Gbps connectivity is provided, depending on requirements. All networking gear is standardized on a single vendor, Cisco, and both core and distribution routers and switches are dual aggregated, each with dual power supplies connected to both A and B data center power feeds. Enough diesel fuel is kept at each site to run the generators for several days, if need be.
Both data centers employ redundant A and B power supplies, with UPS and diesel generator power backup systems to power both the internal network, servers, and environmental systems, such as chilled cooling or sump pumps, in case of loss of building power. Today, they operate dual production data centers outside of flood zones in the same city as their headquarters, 10 miles apart and connected by 10 Gbps redundant fiber loops.
First, they implemented a data center and network upgrade project in order to (1) enable server virtualization, (2) enable a converged shared storage infrastructure, and (3) improve recovery objectives based on their most stringent RTO requirements (30 minutes for their Outage Management System (OMS)). Since all critical IT services depend on reliable and protected data center and network assets, they began with improvements to these core infrastructure assets, incorporating BC/DR best practices as they progressed. In addition to security risk mitigation, other risk mitigation activities were undertaken in parallel to help improve recovery operations in addition to other service levels.
Susan Snedaker, Chris Rima, in Business Continuity and Disaster Recovery Planning for IT Professionals (Second Edition), 2014
Data center and network
Based on what we’ve discussed so far, it is clear ABC has spent a considerable amount of time and energy over the past 8 years improving security risk mitigation strategies for their IT assets.