NIST 800-53 REV 5 • AWARENESS AND TRAINING

AT-3(1)Environmental Controls

Provide {{ insert: param, at-03.01_odp.01 }} with initial and {{ insert: param, at-03.01_odp.02 }} training in the employment and operation of environmental controls.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Environmental controls include fire suppression and detection devices or systems, sprinkler systems, handheld fire extinguishers, fixed fire hoses, smoke detectors, temperature or humidity, heating, ventilation, air conditioning, and power within the facility.

Practitioner Notes

Personnel responsible for environmental controls — HVAC, fire suppression, power conditioning — need training on how those controls protect information systems.

Example 1: Train facilities staff on the proper operation of data center environmental controls: temperature monitoring (target 64-75°F per ASHRAE), humidity control (40-60% RH), and FM200/Novec fire suppression system operation. Include what to do if the environmental monitoring system alarms.

Example 2: Conduct annual walk-throughs of your server room or data center with facilities and IT staff together. Verify that UPS battery status is monitored, CRAC units are functioning, water leak sensors are in place, and emergency power-off (EPO) procedures are posted and understood. Document the walk-through with photos and findings.

More Awareness and Training Controls

AT-1 Policy and Procedures AT-2 Literacy Training and Awareness AT-2(1) Practical Exercises AT-2(2) Insider Threat