S 2.7 Protective cabinets
Description
Protective cabinets serve as depositories for data-media of all types or as a place for IT devices ("server cabinet"). These cabinets are intended to protect their contents against unauthorised access and/or the effects of fire or harmful substances (e.g. dust). They can substitute for a server room or a data media archive (see modules S 2.4 and S 2.5), if the available space or organisational conditions do not allow the use of complete rooms. If exclusive storage of data media and inactive IT equipment is intended, a suitable data protection cabinet based on the standards EN 1047-1 and EN 1047-2 should be preferred.
Furthermore, protective cabinets can be implemented in server rooms or data media archives to increase the protective effect of the room. They are also recommended for a situation whereby servers from various organisational units are situated in one server room and only the appropriate administrators may have access to the respective servers.
In order to achieve protection with a protective cabinet comparable to that obtained with rooms dedicated to this purpose, a series of safeguards ranging from the choice of cabinet to the siting and usage regulations are required. They are described in the present module.
Threat scenario
The following typical threats to the IT-Grundschutz of protective cabinets are assumed to exist:
Force Majeure
| T 1.4 | Fire |
| T 1.5 | Water |
| T 1.7 | Inadmissible temperature and humidity |
| T 1.8 | Dust, soiling |
Organisational Shortcomings
| T 2.4 | Insufficient monitoring of security safeguards |
Human Error
| T 3.21 | Improper use of code locks |
Technical Failure
| T 4.1 | Disruption of power supply |
| T 4.2 | Failure of internal supply networks |
| T 4.3 | Failure of existing safety devices |
| T 4.4 | Impairment of lines due to environmental factors |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.4 | Theft |
| T 5.5 | Vandalism |
| T 5.16 | Threat during maintenance/administration work |
| T 5.53 | Deliberate misuse of protective cabinets for reasons of convenience |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
A series of safeguards must be implemented for selection and use of protective cabinets, starting in the planning and design phase, through the purchasing phase, and up to the contingency planning phase. The steps to take to accomplish this as well as the safeguards to implement in each phase are listed in the following.
Planning and design
Before purchasing a protective cabinet, a concept should be drawn up first which is based on the requirements from the intended operational scenarios (see S 2.311 Planning protective cabinets).
Purchasing
Safeguard S 2.95 Obtaining suitable protective cabinets contains the most important criteria to be used when selecting a protective cabinet.
Implementation
Only those persons entrusted with the corresponding maintenance tasks should be granted access to the protective cabinet and they should receive a corresponding instruction concerning the operation of the protective cabinet. It should be taken for granted that smoking is prohibited in the protective cabinet room. Information on the siting of a protective cabinet is found in safeguard S 1.40 Appropriate siting of protective cabinets.
Operation
Protective cabinet rooms should always be locked, if the cabinets themselves are not designed in such a way that they can also be installed in an unprotected environment. It must be ensured that the protective cabinets are always correctly locked. Especially when using number locks their correct operation must be ensured.
The bundle of security safeguards relating to protective cabinets are presented in the following.
Planning and design
| S 1.7 | (A) | Hand-held fire extinguishers |
| S 1.18 | (Z) | Intruder and fire detection devices |
| S 1.24 | (C) | Avoidance of water pipes |
| S 1.27 | (B) | Air conditioning of the technology / in technology rooms |
| S 1.28 | (B) | Local uninterruptible power supply |
| S 1.31 | (Z) | Remote indication of malfunctions |
| S 1.41 | (Z) | Protection against electromagnetic irradiation |
| S 2.311 | (A) | Planning protective cabinets |
Purchasing
| S 2.95 | (C) | Obtaining suitable protective cabinets |
Implementation
| S 1.40 | (A) | Appropriate siting of protective cabinets |
| S 2.17 | (A) | Entry regulations and controls |
| S 2.21 | (A) | Ban on smoking |
| S 3.20 | (A) | Instructions concerning the operation of protective cabinets |
Operation
| S 1.15 | (A) | Closed windows and doors |
| S 2.96 | (A) | Locking of protective cabinets |
| S 2.97 | (A) | Correct procedure for code locks |