myctrl.tools
Compare

PE-21Electromagnetic Pulse Protection

>Control Description

Employ organization-defined protective measures against electromagnetic pulse damage for organization-defined systems and system components.

>Cross-Framework Mappings

SCF

PES-15
Compare

>Supplemental Guidance

An electromagnetic pulse (EMP) is a short burst of electromagnetic energy that is spread over a range of frequencies. Such energy bursts may be natural or man-made. EMP interference may be disruptive or damaging to electronic equipment.

Protective measures used to mitigate EMP risk include shielding, surge suppressors, ferro-resonant transformers, and earth grounding. EMP protection may be especially significant for systems and applications that are part of the U.S. critical infrastructure.

>Related Controls

PE-18
PE-19

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the implementation of electromagnetic pulse protection for the organization's facilities?
  • Who is responsible for overseeing and maintaining electromagnetic pulse protection controls?
  • How frequently are electromagnetic pulse protection controls reviewed and updated?
  • What process exists for granting exceptions to electromagnetic pulse protection requirements?
  • How does the organization ensure accountability for electromagnetic pulse protection across all facility locations?

Technical Implementation:

  • What technologies or systems technically implement electromagnetic pulse protection?
  • How are these systems configured to meet the control requirements?
  • What monitoring or alerting capabilities exist for electromagnetic pulse protection?
  • How do electromagnetic pulse protection systems integrate with other physical security infrastructure?
  • What redundancy or backup mechanisms support electromagnetic pulse protection?

Evidence & Documentation:

  • Provide documented policies and procedures for electromagnetic pulse protection.
  • Provide evidence of electromagnetic pulse protection implementation and configuration.
  • Provide logs, records, or reports demonstrating electromagnetic pulse protection activities over the past 90 days.
  • Provide testing, maintenance, or inspection records for electromagnetic pulse protection from the past year.
  • Provide evidence of electromagnetic pulse protection reviews, audits, or assessments.

Ask AI

Configure your API key to use AI features.