On-Premises Facilities, Power, and Environment

Network security is not only about packets and passwords. On-premises infrastructure depends on physical spaces and environmental systems that keep equipment running. A switch in an unlocked closet, a server rack without cooling, a single power circuit, or a water leak above cabling can create a security and availability incident just as real as a malware alert.

The current ISC2 CC outline is effective October 1, 2025, and the new outline is effective September 1, 2026. The exam is computer adaptive testing, runs for 2 hours, includes 100 to 125 items, and uses a 700 out of 1000 passing grade. The current five domain weights are 26 percent, 10 percent, 22 percent, 24 percent, and 18 percent.

Data Centers and Closets

A data center or server room usually contains critical compute, storage, network, and security devices. A network closet may look less impressive, but it often contains switches, patch panels, wireless controllers, telephone equipment, or uplinks that connect an entire floor. Both need access control. If an unauthorized person can unplug uplinks, connect a rogue device, reset equipment, or photograph labels and ports, the organization has a physical security problem.

Good practices include locked rooms or cabinets, access logging, visitor escort, camera coverage where appropriate, documented rack layouts, cable management, and separation from public or high-traffic areas. Ports should not be left casually available in lobbies, classrooms, or conference areas without network access control or segmentation.

Power

Network equipment requires stable power. An uninterruptible power supply can keep devices online during brief outages and allow graceful shutdown. Generators can support longer outages if fuel, testing, maintenance, and transfer procedures are planned. Redundant power supplies and separate circuits reduce the chance that one failed component or breaker takes down a service. For critical equipment, power design should match business requirements, not convenience.

Power failures can also create security risk. If an access control system, camera system, firewall, or VPN concentrator loses power, monitoring and enforcement may fail. A disaster recovery plan should consider which security controls must remain available during an outage.

Environmental Controls

HVAC keeps equipment within temperature and humidity ranges. Too much heat shortens equipment life and can cause sudden shutdowns. Too much humidity can create condensation risk; too little humidity can increase static concerns. Environmental monitoring may include temperature sensors, humidity sensors, water detection, smoke detection, and alerting to facilities or operations teams.

Fire suppression is also part of infrastructure protection. Ordinary water sprinklers may damage electronics, but life safety requirements still come first. Data centers may use clean agent or pre-action systems depending on design, regulation, and risk. Staff should understand evacuation procedures and who is authorized to respond to facility alarms.

Practical Scenario

A company reports intermittent outages every afternoon from a wiring closet that serves one floor. Network logs show switches rebooting, but there are no malware indicators. Facilities data shows the closet temperature rises sharply after lunch because a portable heater was added nearby and the door is often propped open. The right response is not a firewall rule. It is to restore environmental control, secure the closet, inspect the switches, document the issue, and monitor temperature.

Another scenario: a branch office firewall and switch are plugged into the same consumer power strip. A brief power interruption disconnects the office and disables camera uploads. A UPS, proper electrical design, and documented recovery procedure would reduce the risk. On the exam, remember that availability and physical protection are part of security infrastructure.

High-Yield Checkpoints

• Network security depends on physical infrastructure such as power, cabling, closets, data centers, and environmental controls.
• HVAC, temperature, humidity, water detection, and fire suppression protect availability and equipment integrity.
• Server rooms and network closets should be physically secured and monitored because they contain critical connection points.
• Redundant power, UPS systems, generators, and diverse network paths reduce single points of failure.
• ISC2 CC Domain 4 is weighted 24 percent under the current outline effective October 1, 2025.