Physical Security & Data Center Design | CISSP Domain 3 | SkillAssess
CISSP · Security Architecture and Engineering · 10 min read · 17 May 2026
Physical Security Design: Data Centers, Server Rooms, HVAC, and Environmental Controls
Physical security is the foundation on which all logical security controls rest. No matter how sophisticated an organisation's cryptography or network security, an attacker with physical access to a server can extract data directly from storage media, reset credentials, or simply steal the hardware. The CISSP exam tests physical security at the architectural level: how are physical spaces designed to protect assets using defence in depth, and what environmental controls are required to maintain operational continuity?
Defence in Depth for Physical Spaces
Physical defence in depth applies concentric layers of security controls, each requiring a separate compromise for an attacker to advance toward the most sensitive assets.
The outermost layer is the site perimeter: fences, vehicle barriers (bollards and berms to prevent vehicle ramming attacks), security lighting, and perimeter intrusion detection sensors. The site perimeter defines the boundary between public space and the organisation's controlled area.
The building layer includes external walls, controlled entry points (security vestibules, also called mantraps), access control systems (badge readers, key pads), visitor management (sign-in, escort requirements), and security guards. A mantrap (or airlock) is a small room with two interlocking doors — only one can be open at a time — that prevents tailgating (an unauthorised person following an authorised person through a secured door).
The floor or area layer restricts access to sensitive areas within the building. Server rooms, data centres, and telecommunications rooms should be locked and require separate authentication. Operations areas may have glass walls for visibility (to observe activity) or solid walls for confidentiality (to prevent shoulder surfing of screens).
The rack or cabinet layer is the innermost layer: individual server cabinets with locks that require separate keys or access codes. Even inside a secured server room, individual racks may hold different classification levels of equipment.
For the exam: the layered physical security model is directly tested. When a question describes a physical security design, count the layers and identify which is most appropriate for the threat scenario.
Server Room and Data Centre Design
Data centres require careful physical design to protect both security and operational continuity. Key design elements tested on the exam include raised floors, hot/cold aisle containment, and power management.
Raised floors (typically 18-24 inches above the structural floor) create a plenum space used for cable management and cold air distribution. Cold air from precision air conditioning units (CRACs — Computer Room Air Conditioners) is delivered through perforated floor tiles beneath server equipment. The raised floor also facilitates the routing of power cables and network cabling without running them across the floor where they could be tripped over or damaged.
Hot/cold aisle containment is a cooling strategy that organises server racks in alternating rows facing each other — front-to-front (cold aisle) and back-to-back (hot aisle). Cold air is delivered to the fronts of servers through the cold aisle; hot exhaust air exits from the backs of servers into the hot aisle and is captured for return to the cooling system. This prevents cold and hot air mixing, dramatically improving cooling efficiency. In advanced implementations, hot or cold aisles are physically enclosed (contained) to further improve efficiency.
Aisle containment is not a security control — it is an availability control. Inadequate cooling causes hardware failures and data centre outages.
HVAC: Heating, Ventilation, and Air Conditioning
Data centres are heat-generating environments. Modern high-density server racks can generate enormous amounts of heat that must be continuously removed to prevent hardware damage and failure.
HVAC requirements for data centres include: precise temperature control (ASHRAE A1-class equipment typically operates at 64.4-80.6°F / 18-27°C), humidity control (relative humidity should be maintained between 40% and 60% — too dry creates electrostatic discharge risk, too humid creates condensation risk), redundant HVAC systems (N+1 or 2N redundancy so that cooling continues if a single CRAC unit fails), and separate HVAC systems for the data centre and office spaces (so that a failure in the less critical office system cannot compromise the data centre environment).
For the exam: HVAC is a critical availability control in data centres. Questions may test whether you understand the correct temperature and humidity ranges, the consequences of HVAC failure, and why data centres require dedicated (not shared) HVAC systems.
Power: UPS, Generators, and Redundant Feeds
Power is the most fundamental availability dependency for a data centre. Power failure causes immediate system unavailability and potential data corruption if systems are not gracefully shut down.
Uninterruptible Power Supply (UPS) systems provide immediate power protection against short interruptions. A UPS uses batteries to maintain power for seconds to minutes — sufficient to allow systems to remain operational during brief outages or for automated systems to initiate graceful shutdown procedures. UPS also conditions power, protecting against voltage spikes and sags.
Generator systems provide sustained backup power during extended outages. Generators typically take 10-30 seconds to start and reach stable output — the UPS bridges the gap. Diesel generators are the most common data centre choice. Fuel supply management (maintaining adequate fuel reserves, fuel delivery contracts) is an important operational consideration for extended outage scenarios.
Redundant utility feeds provide resilience against utility power failures. A data centre with two independent utility feeds from separate substations and separate physical routes can maintain power even if one feed is severed by a construction accident or substation failure. The exam may test whether a single utility feed with generator backup provides adequate redundancy — the answer depends on the organisation's RTO requirements.
For the exam: UPS provides immediate (seconds-to-minutes) backup power. Generators provide sustained (hours-to-days) backup power. Redundant utility feeds protect against utility infrastructure failures. The combination of all three provides maximum power resilience.
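The HVAC section and the power section above both state numeric availability rules: the ASHRAE A1 temperature and humidity envelope, the consequences of drifting outside it, N+1 cooling redundancy, and the requirement that UPS runtime bridge the 10-30 second generator start. The following is an added example, not code from the original article or from SkillAssess, showing how an environmental monitoring check would apply those rules to sensor readings. The `RoomReading` fields, the sample data halls, and the three check functions are assumptions constructed for illustration; the thresholds are the ones the article gives.

```python
from dataclasses import dataclass
from typing import Dict, List

# Thresholds as stated in the article's HVAC and power sections.
TEMP_MIN_C, TEMP_MAX_C = 18.0, 27.0   # ASHRAE A1 recommended operating range
RH_MIN_PCT, RH_MAX_PCT = 40.0, 60.0   # relative humidity range
GENERATOR_START_MAX_S = 30            # generators reach stable output in 10-30 s


@dataclass
class RoomReading:
    """One polling interval of constructed sensor data for a data hall (hypothetical schema)."""
    room: str
    temp_c: float
    rh_pct: float
    crac_installed: int     # CRAC units physically installed
    crac_online: int        # CRAC units currently running
    crac_required: int      # units needed to carry the heat load (the "N" in N+1)
    ups_runtime_s: int      # battery runtime at current load
    generator_start_s: int  # measured time to stable generator output


def check_environment(r: RoomReading) -> List[str]:
    """Temperature and humidity against the recommended envelope."""
    findings = []
    if r.temp_c < TEMP_MIN_C:
        findings.append(f"temperature {r.temp_c} C below {TEMP_MIN_C} C")
    elif r.temp_c > TEMP_MAX_C:
        findings.append(f"temperature {r.temp_c} C above {TEMP_MAX_C} C: hardware failure risk")
    if r.rh_pct < RH_MIN_PCT:
        findings.append(f"humidity {r.rh_pct}% below {RH_MIN_PCT}%: electrostatic discharge risk")
    elif r.rh_pct > RH_MAX_PCT:
        findings.append(f"humidity {r.rh_pct}% above {RH_MAX_PCT}%: condensation risk")
    return findings


def check_cooling_redundancy(r: RoomReading) -> List[str]:
    """N+1 means at least one spare unit beyond what the heat load needs."""
    findings = []
    if r.crac_installed < r.crac_required + 1:
        findings.append("no N+1 cooling redundancy: a single CRAC failure leaves the load uncooled")
    if r.crac_online < r.crac_required:
        findings.append(f"cooling capacity short: {r.crac_online} of {r.crac_required} required units online")
    elif r.crac_online == r.crac_required:
        findings.append("cooling at N with no spare running: next CRAC failure causes an outage")
    return findings


def check_power_bridge(r: RoomReading) -> List[str]:
    """The UPS must carry the load until the generator reaches stable output."""
    findings = []
    if r.generator_start_s > GENERATOR_START_MAX_S:
        findings.append(f"generator start {r.generator_start_s} s exceeds expected {GENERATOR_START_MAX_S} s")
    if r.ups_runtime_s <= r.generator_start_s:
        findings.append(f"UPS runtime {r.ups_runtime_s} s cannot bridge generator start of {r.generator_start_s} s")
    return findings


def evaluate(readings: List[RoomReading]) -> Dict[str, List[str]]:
    """Map each data hall to its list of availability findings (empty list = healthy)."""
    return {
        r.room: check_environment(r) + check_cooling_redundancy(r) + check_power_bridge(r)
        for r in readings
    }


# Constructed sample readings: one healthy hall, one with cooling and humidity
# problems, one where the UPS cannot bridge the generator start.
SAMPLE_READINGS = [
    RoomReading("hall-a", 22.0, 50.0, crac_installed=4, crac_online=4, crac_required=3,
                ups_runtime_s=600, generator_start_s=20),
    RoomReading("hall-b", 29.0, 35.0, crac_installed=3, crac_online=3, crac_required=3,
                ups_runtime_s=600, generator_start_s=20),
    RoomReading("hall-c", 24.0, 65.0, crac_installed=4, crac_online=2, crac_required=3,
                ups_runtime_s=15, generator_start_s=25),
]

if __name__ == "__main__":
    for room, findings in evaluate(SAMPLE_READINGS).items():
        print(room, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

The redundancy check deliberately distinguishes "no spare unit installed" from "no spare unit currently running": the first is a design defect, the second is an operational state that will clear when a failed CRAC is repaired. The power check compares UPS runtime at present load, not nameplate runtime, because battery runtime shrinks as load rises.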
Fire Detection and Suppression
Fire protection in data centres requires balancing two competing objectives: suppressing fires quickly to minimise damage, while not causing additional damage (especially water damage to electronics) through the suppression mechanism.
Fire detection systems should provide early warning to allow evacuation and response before suppression is triggered. Early warning systems include: ionisation detectors (detect small particles produced by fast-flaming fires, sensitive to invisible combustion particles), photoelectric detectors (detect smoke particles from smouldering fires), VESDA systems (Very Early Smoke Detection Apparatus — continuously samples air and provides extremely early warning of smoke before visible fire), and flame detectors (detect infrared or ultraviolet radiation from flames).
Halon was the historical gold standard for data centre fire suppression: it was highly effective and left no residue that could damage equipment. However, Halon 1301 and 1211 were found to deplete stratospheric ozone and were phased out under the Montreal Protocol. New Halon installations are banned in most countries.
Halon alternatives include: FM-200 (HFC-227ea) — a gaseous suppressant that works by absorbing heat from the combustion reaction. It leaves no residue, is safe for electronic equipment, and is safe for humans at normal use concentrations. INERGEN and other inert gas systems (nitrogen, argon, CO2 mixtures) — work by reducing oxygen concentration to below the level that supports combustion. Effective but require sealed spaces to maintain concentration.
Wet pipe sprinkler systems maintain water in the pipes at all times and discharge immediately when heat activates a sprinkler head. While effective for general building protection, water discharge in a data centre causes significant equipment damage. Not recommended for server rooms.
Dry pipe sprinkler systems maintain compressed air in the pipes; water enters only when a sprinkler head is activated. They are safer for data centres than wet pipe systems (no risk of accidental leakage) but still discharge water when activated.
Pre-action sprinkler systems require two separate triggers before water is discharged: detection of fire AND activation of a sprinkler head. This two-signal requirement significantly reduces the risk of accidental discharge. Pre-action systems are the recommended sprinkler option for data centres where gaseous suppression is not feasible.
For the exam: FM-200 and inert gas suppression win in data centre scenarios — they suppress fire without damaging equipment. If the question asks about a server room specifically, water-based suppression is incorrect. If the question asks about the harm from sprinkler activation, the answer is water damage to electronics.
Media Storage, Evidence Rooms, and Restricted Work Areas
Sensitive media and evidence require additional physical controls. Backup tapes, cryptographic key material, and forensic evidence must be stored in locked, access-controlled storage with audit logs of access. Evidence rooms require tamper-evident seals and chain of custody documentation.
Restricted work areas (such as rooms where classified work is performed) may require TEMPEST controls — measures to prevent electromagnetic emanations from equipment from being intercepted and used to reconstruct processed information. TEMPEST shielding involves Faraday cage construction, shielded cables, and power line filters.
Exam Tip
For fire suppression in a data centre, FM-200 or inert gas wins — water damages equipment. The exam frequently presents scenarios where a water-based suppression system is activated in a server room and asks what the primary concern is. The answer is the damage caused by water to electronic equipment, not the fire itself (which was already extinguished). Also know the HVAC and power redundancy hierarchy: UPS bridges the gap while generators start.