4.4 Protective cabinets

Description

Protective cabinets serve as depository for data-media of all types or as a place for IT devices (server cabinet). These cabinets should protect their contents against unauthorised access and/or the effects of fire or harmful substances (e.g. dust). They can substitute for a server room or a data media archive (see chapter 4.3.2 and 4.3.3), if the available space or organisational conditions do not allow the use of complete rooms.

Furthermore, protective cabinets can be implemented in server rooms or data media archives to increase the protective effect of the room. They are also recommended for a situation whereby servers from various organisational units are situated in one server room and only the appropriate administrators may have access to the respective servers.

As the costs of protective cabinets are not insignificant, a cost comparison is highly recommended. The comparison must be made between the cost of obtaining and maintaining a protective cabinet, and the cost of setting up and maintaining a server room or data media archive.

In order to achieve protection with a protective cabinet comparable to that obtained with rooms dedicated to this purpose, the safeguards ranging from the choice of cabinet to the siting and usage regulations are outlined in the following chapter.

Threat Scenario

The following typical threats are assumed for protective cabinets as part of IT baseline protection:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
The following describes the safeguards for the area "protective cabinets". It is grouped according to the safeguards which must be implemented for the room where the cabinet is sited, the cabinet in general and for server cabinets.

For the room in which the protective cabinet is to be sited, the following safeguards must be observed:

Infrastructure:

Organisation:

When obtaining and installing a protective cabinet, the following safeguards must be implemented:

Infrastructure:

Organisation:

Personnel:

If the protective cabinet is to be used as a server cabinet, the following safeguards must be implemented in addition to those mentioned above.

Infrastructure:

Organisation:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000